Intel ‘Sunny Cove’ SGX Vulnerability Discovered
Although originally intended to allow safe execution in an isolated environment, Intel’s Software Guard Extensions (SGX) memory encryption technology can do more harm than good. Processors with Intel’s Sunny Cove microarchitecture have been found to potentially expose data in memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC). register.
The registers are reportedly not cleanly initialized, so reading them exposes old dates for recent sample data transferred between L2 and last-level caches, including SGX enclave data from superqueues. will beResearchers have dubbed this vulnerability ÆPIC Leak (a.k.a. CWE-665: Improper Initialization), claiming that the bug has a hardware origin.
Intel says the processors affected include the 10th Gen Core ‘Tiger Lake’ and ‘Rocket Lake’, the 3rd Gen Xeon Scalable ‘Ice Lake-SP’ and the Sunny Cove/Cypress Cove Micro which covers the Xeon D-1700. It claims to contain all chips based on the architecture. /2700 products. Additionally, Atom, Celeron, and Pentium systems-on-chips featuring the Gemini Lake microarchitecture are vulnerable to the same types of attacks.
On the other hand, the perpetrator must have administrator or root privileges to access data from APIC registers. This makes exploiting this weakness a bit more difficult (but not impossible). In a virtualized environment, the hypervisor does not allow the virtual machine to access her APIC registers.
Intel has acknowledged the problem with its SGX technology and has issued a set of recommendations on how to avoid potential issues with the vulnerability. Meanwhile, the researchers who discovered this bug late last year have provided their own fix for the problem.
Interestingly, some of the researchers who disclosed the ÆPIC Leak bug recently identified the first side-channel attack against the scheduler queue. The vulnerability affects all of AMD’s existing Ryzen processors with Zen 1/2/3 microarchitectures. To exploit this vulnerability to access data processed on the same CPU core, an attacker would first have to run malicious code on that CPU core, which is not particularly trivial.
“An attacker running on the same host and CPU core as you could spy on the type of instructions you are executing due to the split scheduler design of AMD CPUs,” explained Gruss. “Apple’s M1 (and presumably M2 as well) will follow the same design, but he hasn’t introduced SMT in the CPU yet, so no impact.”
AMD has reportedly confirmed an issue now known as AMD-SB-1039. This is a race side-channel vulnerability in the execution unit scheduler of AMD processors.