Originally meant to enable secure execution in an isolated environment, Intel's Software Guard Extensions (SGX) memory encryption technology could do more harm than good. It turns out, processors featuring Intel's Sunny Cove microarchitecture may expose data located in the memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC), reports The Register.
The registers are reportedly not initialized cleanly, so reading them exposes stale data from recent transfers between the L2 and last-level cache, including SGX enclave data, left over in the super queue. Researchers call the vulnerability ÆPIC Leak (classified as CWE-665: Improper Initialization) and say the bug has hardware origins.
Intel claims that the affected processors include all chips based on the Sunny Cove/Cypress Cove microarchitectures, which covers 10th Generation Core 'Tiger Lake' and 'Rocket Lake', 3rd Generation Xeon Scalable 'Ice Lake-SP', and Xeon D-1700/2700 products. In addition, Atom, Celeron, and Pentium system-on-chips featuring the Gemini Lake microarchitecture are vulnerable to the same kind of attack.
Meanwhile, to access data from the APIC registers, perpetrators need admin or root privileges, which makes the weakness somewhat harder to exploit (though not impossible). In virtualized environments, hypervisors do not allow virtual machines access to the APIC registers.
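For a defender, the two paragraphs above reduce to an inventory question: which hosts are on the affected microarchitectures, have SGX enabled, and are bare-metal rather than guests whose hypervisor already hides the APIC registers? The following script is an added example, not code from the article, from the researchers, or from Intel. It parses `/proc/cpuinfo` (the `sgx` flag is reported by Linux 5.11 and later when SGX is enabled in firmware, and the `hypervisor` flag is set when the kernel runs as a guest); the CPUID family/model numbers in `AFFECTED_MODELS` are taken from public CPUID documentation and are an assumption of this example, not something the article lists. The sample records at the bottom are constructed for an offline run.

```python
# Host triage helper for the ÆPIC Leak affected list (added example, not the
# article's or Intel's code). Reads /proc/cpuinfo-style text and reports
# whether the host is an affected microarchitecture, whether SGX is exposed,
# and whether it is a guest (hypervisor hides the APIC registers per the article).

# Intel family-6 model numbers for the microarchitectures the article names.
# Assumption of this example: taken from public CPUID documentation.
AFFECTED_MODELS = {
    0x6A: "Ice Lake-SP",                   # 3rd Gen Xeon Scalable
    0x6C: "Ice Lake-D (Xeon D-1700/2700)",
    0x8C: "Tiger Lake",
    0x8D: "Tiger Lake",
    0xA7: "Rocket Lake",
    0x7A: "Gemini Lake",                   # Atom/Celeron/Pentium SoCs
}


def parse_cpuinfo(text):
    """Parse the first 'processor' block of /proc/cpuinfo text into a dict."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break            # a blank line ends the first processor block
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def _as_int(value):
    """Convert a cpuinfo numeric field to int; unparsable values become -1."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return -1


def assess(text):
    """Triage one host from its /proc/cpuinfo text.

    Returns a dict: codename of the affected uarch (or None), whether SGX is
    exposed, whether the host is a guest, and whether action is needed
    (affected uarch + SGX enabled + not a guest).
    """
    f = parse_cpuinfo(text)
    flags = set(f.get("flags", "").split())
    is_intel = f.get("vendor_id") == "GenuineIntel" and _as_int(f.get("cpu family")) == 6
    codename = AFFECTED_MODELS.get(_as_int(f.get("model"))) if is_intel else None
    sgx_exposed = "sgx" in flags
    guest = "hypervisor" in flags
    return {
        "codename": codename,
        "affected_uarch": codename is not None,
        "sgx_exposed": sgx_exposed,
        "guest": guest,
        "needs_action": codename is not None and sgx_exposed and not guest,
    }


def assess_host(path="/proc/cpuinfo"):
    """Run the triage against the live host."""
    with open(path, encoding="utf-8") as fh:
        return assess(fh.read())


# Constructed sample records (not captured from real machines).
SAMPLE_ICELAKE_SP = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 106
model name\t: constructed Ice Lake-SP sample
flags\t\t: fpu vme sse sse2 sgx sgx_lc

processor\t: 1
vendor_id\t: GenuineIntel
"""

SAMPLE_TIGERLAKE_GUEST = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 140
flags\t\t: fpu vme sse sse2 hypervisor
"""

SAMPLE_AMD = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
flags\t\t: fpu vme sse sse2
"""

if __name__ == "__main__":
    for label, sample in (("icelake-sp", SAMPLE_ICELAKE_SP),
                          ("tigerlake-guest", SAMPLE_TIGERLAKE_GUEST),
                          ("amd", SAMPLE_AMD)):
        print(label, assess(sample))
```

`needs_action` follows the article's own logic: a guest is not counted because its hypervisor does not expose the APIC registers, and a host without SGX enabled has no enclave data to leak; the remaining hosts are the ones to check against Intel's recommendations. Run `assess_host()` on a fleet via your usual inventory tooling rather than trusting a single sample.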
Intel admits the problems with its SGX technology and has issued a set of recommendations on how to avoid potential problems with the vulnerability. Meanwhile, the researchers who discovered the bug late last year offer their own fix for the problem.
Interestingly, some of the investigators who exposed the ÆPIC Leak bug also recently identified the first side-channel attack on scheduler queues. The vulnerability affects all of AMD's existing Ryzen processors featuring Zen 1/2/3 microarchitectures. To exploit the weakness and get access to data processed by the same CPU core, perpetrators need to run malicious code on that CPU core first, which is not particularly easy.
"An attacker running on the same host and CPU core as you, could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs," explained Gruss. "Apple's M1 (probably also M2) follows the same design but is not affected yet as they haven't introduced SMT in their CPUs yet."
AMD reportedly confirmed the problem — currently called AMD-SB-1039: Execution Unit Scheduler Contention Side-Channel vulnerability on AMD Processors — and said that the company considers it a 'medium severity' threat.