## https://sploitus.com/exploit?id=C3BC9ADC-0E37-5E14-8100-EF90D8E5095F
# Fabricked: Breaking AMD SEV-SNP via Infinity Fabric
[](https://nvd.nist.gov/vuln/detail/CVE-2025-54510)
[](#)
[](#)
> **Fabricked** is a novel, software-only attack that compromises the security guarantees of AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging). By exploiting the untrusted nature of the UEFI in the confidential computing threat model, the attack manipulates the **Infinity Fabric**, AMD's internal interconnect, to misroute memory transactions and bypass critical security checks.
## Project Architecture
The attack targets the **`SNP_INIT`** phase of the SEV-SNP lifecycle. By misconfiguring the Infinity Fabric's address routing, the hypervisor forces the PSP's initialization writes to the Reverse Map Table (RMP) to be silently dropped or diverted.
### ๐ Repository Structure
| Component | Description |
| :--- | :--- |
| `asrock_fabricked_uefi.bin` | **Malicious UEFI Image** that skips Infinity Fabric "locking" during boot. Only for Asrock BERGAMOD8-2L2T motherboards |
| `linux-fabricked/` | **Modified Linux Kernel** with patches (`amd_disclosure.patch`) to coordinate the memory re-routing. |
| `fabrick-attestation-attack/` | **Attestation Exploit**: A KVM-based module to extract or manipulate SEV-SNP attestation reports. |
| `fabrick-static-attack/` | **Debug-Enable Exploit**: A KVM-based module to demonstrate arbitrary memory access to a target CVM. |
---
## Getting Started
### 1. BIOS Flash
Flash the provided `asrock_fabricked_uefi.bin` to a compatible AMD EPYC (Zen 5) motherboard (Asrock BERGAMOD8-2L2T). **Warning: This will weaken the platform's security for research purposes.**
### 2. Hypervisor Setup
Build and boot the modified kernel in `linux-fabricked/`:
```bash
cd linux-fabricked
make -j$(nproc)
sudo make install && sudo reboot
```
### 3. Launching the Attack
Load the attack modules once a victim SEV-SNP CVM is launched:
```bash
cd fabrick-attestation-attack
make
sudo insmod attack.ko VICTIM=
```
---
## โ ๏ธ Security Advisory
This repository contains **Proof-of-Concept (PoC)** code for a critical vulnerability.
- **CVE-2025-54510** has been assigned to this flaw.
- AMD has released official security bulletins and patches (AMD-SB-3034).
- **Use for educational and research purposes only.** Unauthorized access to computer systems is illegal.
---
## References & Resources
- ๐ **Project Website:** [fabricked-attack.github.io](https://fabricked-attack.github.io/)
- ๐ **Research Paper:** [Fabricked.pdf](https://fabricked-attack.github.io/fabricked_usenix26.pdf)
- ๐ก๏ธ **AMD Security Bulletin:** [AMD-SB-3034](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3034.html)
---
Built for the advancement of Hardware Security & Confidential Computing.