Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
FABRICKED: AMD Cloud Security Flaw Exposed, Is Your Data Safe?

18 April 2026 12:21

Cloud servers that promise complete data protection are not as impenetrable as they seem. Researchers have found a way to bypass one of the main security technologies of AMD processors, without needing physical access to the hardware.

The attack has been named FABRICKED, and it targets AMD’s SEV-SNP technology for secure virtual machines, which cloud service providers use to isolate customer data. The core of the problem lies in how data is transferred between components within the processor.

Modern AMD chips use an internal bus called Infinity Fabric. It connects cores, memory, and I/O devices. When the system starts, the firmware configures the routing rules: which data should be sent and where. It was assumed that, even with untrusted firmware, SEV-SNP protection would remain unaffected.

However, FABRICKED proves otherwise.

An attacker with access to the hypervisor or firmware can modify the routing rules and redirect critical operations. As a result, the security coprocessor receives an incorrect picture of the system and initializes it improperly. The attack allows reading and writing arbitrary data in the memory of the protected virtual machine. The attacker can also falsify the attestation reports that confirm the system is running in a secure mode.

The main problem concerns the RMP table, which controls memory access. When the system starts, the coprocessor must populate this table with the correct data. However, if the entries are redirected, the table remains in an insecure state. The hypervisor then gains access to the virtual machine’s memory when it should not.

Researchers have discovered an even more unsettling scenario.

An attacker can activate the so-called debug mode after the system has passed the check. This mode is normally prohibited because it allows reading and modifying the virtual machine’s memory. However, by manipulating the security table, this restriction can be bypassed.

Furthermore, the attack allows for falsifying audit results. A virtual machine can receive a “correct” report even if a modified or malicious environment is running. In effect, the user believes they are working in a secure environment while the attacker has control over it.

The problem stems from two factors. First, the system does not verify that routing settings are completely locked. Second, some memory requests are processed incorrectly and might follow “erroneous” rules.

The vulnerability has already been reported to the developer. AMD has confirmed the problem, tracked as CVE-2025-54510, and plans to fix it with a patch.

The attack requires a significant level of access, for example, control of the hypervisor or firmware. However, for cloud services, such a scenario is entirely realistic. This means that even modern confidential computing mechanisms cannot yet be considered completely secure.


Bajram Zeqiri is an expert in cybersecurity, cyber threat intelligence, and digital forensics with over twenty years of experience, combining technical expertise and strategic vision to build cyber resilience for SMEs. Founder of ParagonSec and a technical contributor for Red Hot Cyber, he works in the delivery and design of various cyber services, including SOC, MDR, Incident Response, Security Architecture, Engineering, and Operations. He helps SMEs transform cybersecurity from a cost center into a strategic business enabler.
Areas of Expertise: Cyber threat intelligence, Incident response, Digital forensics, Malware analysis, Security architecture, SOC/MDR operations, OSINT research