While Intel is trying to eliminate the negative effects of multiple processor vulnerabilities, security researchers from three universities have mercilessly exposed two more flaws affecting its Software Guard Extensions (SGX) instructions. These flaws allow attackers to extract sensitive data fairly easily. Fortunately, the new problems can be repaired through active remedial measures, and there is no evidence that the new holes have been exploited in the field.
File photo (from Intel's official website)
Researchers from three universities in Michigan, Amsterdam (the Netherlands) and Adelaide (Australia) have revealed that attackers can exploit the way multi-core architectures work to gain access to sensitive data on infected systems.
They have developed attack methods for the two vulnerabilities and provided proofs of concept named SGAxe and CrossTalk.
Image processed by CPU
The former appears to be an advanced version of the CacheOut attack exposed earlier this year, in which hackers can extract content from the CPU's L1 cache.
SGAxe shows that Intel's attempt to mitigate side-channel attacks against Software Guard Extensions (SGX) has failed, the researchers explained. As a dedicated area on the CPU, SGX is intended to ensure the integrity and confidentiality of the code and data being processed.
SGAxe restored image
With the help of a transient execution attack, a hacker can recover the encryption key stored in the SGX area and use it to decrypt the long-term storage area to obtain the machine's EPID key. The latter is used to secure transactions, such as financial transactions and DRM-protected content.
The second vulnerability, CrossTalk, is a derivative of microarchitectural data sampling (MDS) and can attack the data processed by the CPU's line fill buffer (LFB).
The buffer was originally intended to provide a "staging buffer" accessible to the CPU cores, but hackers could use specially crafted software running on a single core to compromise the private keys that protect running software code and data.
It is reported that the new vulnerability affects a number of Intel processors released in 2015-2019, including some Xeon E3 SKUs (E5 and E7 series have been proven to resist such new attacks).
According to Intel's June security announcement, only a very small number of people can launch these attacks in the laboratory environment, and there are no reports that the vulnerability has been exploited in the wild.
Even so, the company will release microcode updates as soon as possible, while invalidating previously issued certification keys.