As part of the June “Update Tuesday,” Intel fixed more than 20 different vulnerabilities in its products, including the SGAxe bug, which endangers several Intel processors.The manufacturer also released updated microcodes for processors vulnerable to the new CrossTalk MDS problem. But CrossTalk was not limited to this, and this week it became known about another problem that also threatens Intel processors. This no less serious vulnerability is called SGAxe, and it is a variation of the speculative attack CacheOut, discovered in early 2020.
Let me remind you that CacheOut belongs to the class of vulnerabilities of Microarchitectural Data Sampling (MDS), which includes RIDL, Fallout and ZombieLoad, and rna can lead to data leakage from Intel processors, virtual machines and SGX enclaves. It’s also worth noting that CacheOut is a kind of successor to another processor problem, Foreshadow, which first used the L1 cache to extract SGX keys.
“The measures Intel took to eliminate side-channel attacks on SGX (firmware updates and new architectures) were not enough”, – said representatives of the research team that discovered CacheOut and SGAxe problems.
Due to this, exploitation of the SGAxe problem allows an attack of the transient execution type, which leads to the restoration of trusted by the Intel certification center SGX cryptographic keys.
The certification mechanism is an important part of SGX. In fact, with its help, enclaves can prove to third parties that they are correctly initialized and work on a true Intel processor. In particular, this allows making sure that the software running inside the CPU has not been superseded. Thus, extracting SGX certification keys allows attackers to pretend to be a legitimate Intel SGX machine from a cryptographic point of view.
Researchers note that the attack will work even if the SGX enclave is in standby mode, therefore, it bypasses all hardware defenses.
“If the certification keys of a machine are compromised, any secrets provided by the server can be read right away by an untrusted client host application, while all output supposedly created by client-side enclaves cannot be considered reliable. In fact, it makes all SGX-based DRM applications useless, as any secret can be easily restored”, — experts explain.
A complete list of processors for which SGAxe is dangerous has been published by Intel Product Security Incident Response Team (PSIRT) and can be seen here.
Although Intel have already released fixes for the CacheOut problem in January, now it is planned that Intel will update the microcode again to protect against CacheOut and SGAxe and address the root cause of these vulnerabilities.
The company will also restore the Trusted Compute Base (TCB), which will invalidate all previously signed and compiled certification keys.
“This process ensures that your system is in a safe mode and can reuse remote certification”, — write the researchers.