Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environment (TEE). The first of the flaws, called SGAxe, is an evolution of the CacheOut attack (CVE-2020-0549) uncovered earlier this year, which allows an attacker to retrieve the contents of the CPU's L1 cache.

The second line of attack, dubbed CrossTalk by researchers from the VU University Amsterdam, enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core and determine the enclave's private keys. The exploit results in a transient execution attack that can recover SGX cryptographic keys from a fully updated Intel machine that is trusted by Intel's attestation server.
In response to the findings, Intel addressed the flaw in a microcode update distributed to software vendors yesterday after a prolonged 21-month disclosure period due to the difficulty in implementing a fix.
Affected processors:

- Intel CPUs released from 2015 to 2019
- Xeon E3 and E CPUs
The company has recommended that users of affected processors update to the latest version of the firmware provided by their system manufacturers to address the issue.