AEPIC Leak – an attack that leaks data from Intel SGX enclaves

Information has been disclosed about a new attack on Intel processors, AEPIC Leak (CVE-2022-21233), which leads to a leak of confidential data from isolated Intel SGX (Software Guard Extensions) enclaves. The problem affects 10th, 11th and 12th generation Intel CPUs (including the new Ice Lake and Alder Lake series) and is caused by an architectural flaw that allows access to uninitialized data remaining in the APIC (Advanced Programmable Interrupt Controller) after previous operations.

Unlike Spectre-class attacks, the leak in AEPIC Leak occurs without the use of side-channel recovery methods: the confidential data is obtained directly by reading the contents of the registers mapped into the MMIO (Memory-Mapped I/O) memory page. In general, the attack makes it possible to determine the data transferred between the second-level and last-level caches, including the contents of registers and the results of read operations that were previously processed on the same CPU core.

Since the attack requires access to the physical pages of the APIC MMIO, i.e. administrator privileges, the method is limited to attacking SGX enclaves, to which the administrator has no direct access. The researchers have developed a toolkit that can determine, within a few seconds, the AES-NI and RSA keys stored in SGX, as well as the Intel SGX attestation keys and the parameters of the pseudo-random number generator. The code for carrying out the attack has been published on GitHub.

Intel announced that it has prepared a fix in the form of a microcode update that implements buffer clearing and adds further measures to protect enclaves. A new release of the Intel SGX SDK with changes that prevent the data leak has also been prepared. Developers of operating systems and hypervisors are advised to use x2APIC mode instead of the legacy xAPIC mode; in x2APIC mode, MSR registers are used to access the APIC registers.
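To verify the x2APIC recommendation on a given host, the following added example (not from the original article or from Intel) decodes the architectural `IA32_APIC_BASE` MSR (0x1B), where bit 11 is the APIC global enable and bit 10 is the x2APIC enable, and lists CPUs still running in xAPIC mode. It assumes the Linux `msr` driver (`/dev/cpu/N/msr`, root required) for live reads; the `SAMPLE` values and the function names are constructed for illustration.

```python
import glob
import os
import struct

IA32_APIC_BASE = 0x1B   # architectural MSR: APIC base address and mode bits
BIT_EXTD = 1 << 10      # x2APIC mode enabled
BIT_EN = 1 << 11        # local APIC globally enabled


def apic_mode(value):
    """Classify the local APIC mode encoded in an IA32_APIC_BASE value."""
    en, extd = bool(value & BIT_EN), bool(value & BIT_EXTD)
    if en and extd:
        return "x2apic"      # registers reached through MSRs
    if en:
        return "xapic"       # registers exposed through the MMIO page
    return "invalid" if extd else "disabled"


def xapic_mmio_base(value):
    """Physical address of the xAPIC MMIO page (bits 12 and up, max 52 bits)."""
    return value & 0x000FFFFFFFFFF000


def audit(per_cpu):
    """Return {cpu: (mode, mmio_base)} for every CPU not in x2APIC mode."""
    return {cpu: (apic_mode(v), xapic_mmio_base(v))
            for cpu, v in sorted(per_cpu.items()) if apic_mode(v) != "x2apic"}


def read_live():
    """Read IA32_APIC_BASE per CPU via the Linux msr driver; {} if unavailable."""
    out = {}
    for path in glob.glob("/dev/cpu/[0-9]*/msr"):
        try:
            with open(path, "rb", buffering=0) as f:
                raw = os.pread(f.fileno(), 8, IA32_APIC_BASE)
        except OSError:
            return {}        # not root, or msr module not loaded
        out[int(path.split("/")[3])] = struct.unpack("<Q", raw)[0]
    return out


# Constructed sample values: CPU 0 and 1 in x2APIC mode, CPU 2 left in xAPIC.
SAMPLE = {0: 0xFEE00D00, 1: 0xFEE00C00, 2: 0xFEE00800}

if __name__ == "__main__":
    for cpu, (mode, base) in audit(read_live() or SAMPLE).items():
        print(f"cpu{cpu}: {mode}, APIC MMIO page at {base:#x}")
```

An empty result from `audit()` means every CPU reported x2APIC mode; it says nothing about whether the microcode update or the new SGX SDK is installed.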
