Impact
On affected Intel CPUs, a read from host memory that is not 8-byte aligned, performed within an SGX enclave, allows a malicious host to use the vulnerabilities to read enclave data (i.e., stale data inside CPU buffers). With the latest microcode patch applied and Hyper-Threading disabled, the attacker's ability is reduced to forcing the enclave to receive enclave data unexpectedly. Note that these vulnerabilities are introduced by hardware bugs rather than by bugs in software or in the Open Enclave SDK.
Patches
Intel has provided a microcode update and recommends disabling Hyper-Threading. To mitigate the unexpected read, users need to regenerate the marshaling code with the new oeedger8r tool and recompile their applications against the patched libraries. In addition, users may need to manually patch their source code if it contains vulnerable code patterns that bypass the provided protection. Refer to the new memcpy implementation in the Intel SGX SDK for more detail.
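One shape a manual patch can take, as an added example (not code from Open Enclave or the Intel SGX SDK): a copy routine that touches host memory only with 8-byte loads at 8-byte-aligned addresses and slices out the requested bytes inside the enclave. It assumes the protection amounts to keeping every host read 8-byte aligned; the function names are hypothetical and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not an Open Enclave or Intel SGX SDK API): copy n
 * bytes from host memory into enclave memory using only 8-byte loads at
 * 8-byte-aligned addresses. The caller must already have validated that
 * [host_src, host_src + n) lies outside the enclave. */
static void copy_from_host_aligned(void *dst, const void *host_src, size_t n)
{
    unsigned char *out = (unsigned char *)dst;
    uintptr_t addr = (uintptr_t)host_src;
    uintptr_t end = addr + n;

    while (addr < end) {
        uintptr_t word_addr = addr & ~(uintptr_t)7;  /* round down to 8 */
        size_t offset = (size_t)(addr - word_addr);  /* first wanted byte */
        size_t take = 8 - offset;                    /* bytes left in word */
        if (take > (size_t)(end - addr))
            take = (size_t)(end - addr);

        /* volatile: the access is performed as written, which x86-64
         * compilers emit as a single aligned 8-byte load. */
        uint64_t word = *(const volatile uint64_t *)word_addr;

        /* Slice the wanted bytes out of the enclave-local copy. */
        memcpy(out, (const unsigned char *)&word + offset, take);
        out += take;
        addr += take;
    }
}

/* Constructed sample: 32 bytes standing in for a host buffer. Returns 0 when
 * an unaligned 13-byte slice starting at offset 3 is copied correctly. */
static int demo_unaligned_slice(void)
{
    uint64_t backing[4];
    unsigned char *host = (unsigned char *)backing;
    unsigned char got[13];
    for (size_t i = 0; i < sizeof backing; i++)
        host[i] = (unsigned char)(0xA0 + i);
    copy_from_host_aligned(got, host + 3, sizeof got);
    return memcmp(got, host + 3, sizeof got) != 0;
}

int main(void) { return demo_unaligned_slice(); }
```

The first and last loads can cover bytes outside the requested range, but they stay inside the same aligned 8-byte word, so they never cross a page boundary.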
Workarounds
There are no workarounds for the issue of unexpected read.
References
Intel Security Advisory: INTEL-SA-00657
For more information
If you have any questions or comments about this advisory:
question
label.