Header Ads Widget

A bug in Intel's fresh processor architecture allows direct data leaks via SGX

A bug in Intel's fresh processor architecture allows direct data leaks via SGX

The discovery of Spectre and Meltdown vulnerabilities in Intel and other processor architectures was followed by a shaft of new leaks, implemented in side-channel attacks.
An investigation into vulnerabilities in Intel processor architecture in generations 10 to 12 revealed a significantly larger threat - the possibility of a direct leak of sensitive user data due to a direct vulnerability in the company's new processor architectures.Image source: IntelInternational research team has released information on the discovery of a vulnerability named AEPIC Leak (ÆPIC Leak) and code CVE-2022-21233 in new Intel processors.
The two terms APIC and EPIC are intertwined in the name, which hints at serious problems when accessing the APIC interrupt controller.
In xAPIC mode, the corresponding registers are accessed through a memory-mapped I/O page (MMIO).
If an attacker has administrator or root access, the application memory can be unloaded almost instantly via MMIO.
No complicated manipulation, as with leaks in side-channel attacks, is necessary, so the researchers described ÆPIC Leak as \"the first CPU bug capable of exposing sensitive data.
\"Of course, the requirement to have administrator or root access for a ÆPIC Leak attack will limit the field of action for attackers.
Therefore, most non-cracked systems will be out of this danger.
But there is one \"but\".
If the system relies on Intel SGX protection, ÆPIC Leak will overcome it easily.
More specifically, the new vulnerability uses SGX precisely to bypass protection from attacks by privileged attackers.
As soon as an SGX enclave application is loaded into memory, ÆPIC Leak is able to immediately completely offload application memory to steal data from it.
So don't get your hopes up about SGX in this matter.The researchers' data on this leak was given to Intel late last year.
Intel rated the reported vulnerability as a medium-risk vulnerability, which is presented as an \"uninitialized memory read vulnerability.\" Intel's recommendations suggest that processors without SGX support are fully protected against the ÆPIC Leak.
For processors with SGX, it is recommended to enable x2APIC mode in OS and virtual machine monitors, then xAPIC MMIO page will be disabled and will not allow leaks through its resources.Speaking about the list of vulnerable processors, Intel provided a list of Intel Ice Lake 10th generation, Intel Xeon 3rd generation (Ice Lake SP), Ice Lake Xeon-SP, Ice Lake D, Gemini Lake, Ice Lake U, Y and Rocket Lake models.

Post a Comment

0 Comments