Over the past two years, processors, in particular those made by Intel, have been targeted by an unending series of attacks that allow skilled attackers to extract passwords, encryption keys, and other secrets from data held in resident memory.
Last week two separate academic teams disclosed two new and distinctive exploits that penetrate Intel’s Software Guard Extensions, by far the most sensitive region of Intel’s processors.
SGAxe
SGAxe, the first of the flaws, builds on the CacheOut attack (CVE-2020-0549), uncovered earlier this year, which allows an authenticated attacker with local access to breach the security of Intel Software Guard Extensions (SGX) and retrieve user data from the processor’s Level 1 cache.
Intel launched SGX hardware encryption technology in 2015 with the Skylake microarchitecture. The purpose of SGX technology is to protect areas of memory from unauthorised users, including system administrators. The technology enables applications to run within secured software containers (enclaves), providing hardware-based memory encryption to isolate the applications’ data and code in memory.
CrossTalk
The second line of attack was named CrossTalk (CVE-2020-0543) by researchers from the VU University in Amsterdam and dubbed “Special Register Buffer Data Sampling” or SRBDS by Intel.
CrossTalk enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core, and determine the enclave’s private keys.
It takes advantage of a staging buffer that’s readable across all CPU cores to mount transient execution attacks across the cores and extract the entire ECDSA private key of a secure enclave running on a separate CPU core.
Mitigation
It is important to note that an attack exploiting the CacheOut flaw does not work on Intel chips sold after the third quarter of 2018, and it cannot be used to launch attacks via a web browser.
Intel released new updates to protect against these vulnerabilities on Tuesday and expects them to be available to end-users in the coming weeks.
The mitigation locks the entire memory bus before updating the staging buffer and only unlocks it after clearing its content. This strategy ensures no information is exposed to offcore requests issued from other CPU cores.
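
To confirm that the SRBDS (CrossTalk) microcode mitigation is actually in effect on a Linux host, the kernel's own report can be classified as below. This is an added example, not code from the article, Intel, or the researchers; it assumes a Linux kernel that exposes the `srbds` sysfs entry with the status strings given in the kernel's hw-vuln documentation, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's SRBDS (CVE-2020-0543) status.
# Assumption: status strings follow the kernel's hw-vuln documentation.

# classify_srbds STATUS -> prints a short verdict for one status string
classify_srbds() {
    case "$1" in
        "Not affected")             echo "not-affected" ;;
        "Mitigation: Microcode")    echo "mitigated" ;;
        # Only exploitable with TSX on; this boot has TSX disabled.
        "Mitigation: TSX disabled") echo "mitigated" ;;
        # CPU is affected and the loaded microcode lacks the fix.
        "Vulnerable: No microcode") echo "needs-microcode" ;;
        # Fix is available but switched off (e.g. srbds=off at boot).
        "Vulnerable")               echo "mitigation-disabled" ;;
        # Guest VM: the host's state cannot be seen from inside.
        "Unknown: Dependent on hypervisor status")
                                    echo "unknown-guest" ;;
        *)                          echo "unrecognized" ;;
    esac
}

# check_srbds [PATH] -> prints the verdict; returns 0 only when no action
# is needed, so it can gate a compliance or fleet-inventory job.
check_srbds() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/srbds}"
    if [ ! -r "$f" ]; then
        # Kernel predates SRBDS reporting, or this is not Linux.
        echo "no-sysfs-entry"
        return 1
    fi
    st=$(cat "$f")
    verdict=$(classify_srbds "$st")
    echo "$verdict"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}
```

Source the file and run `check_srbds`; a `needs-microcode` verdict means the updated microcode has not yet reached that machine.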