A new crack in SGX, the protective armor around Intel’s CPUs, is another embarrassment to the chip maker. It is already the seventh leak since 2018 in what should be an impenetrable fortress.
Software Guard Extensions (SGX) is Intel’s flagship CPU protection product. It is a cornerstone of several companies’ security strategy. SGX is, as it were, a fortress that protects encryption keys and other sensitive data. The protection works, in theory anyway, when an OS or virtual machine has been maliciously damaged.
Companies like Signal rely on SGX for the security and anonymity of their processes. The key to security and authenticity is that SGX creates eclaves, as it were. These are blocks of secure memory that are encrypted before leaving the processor. The decryption only takes place when the data returns to the processor.
Leak number 7 in the armor
The theory is nice, but in practice it turns out that SGX regular cracks in the armor. As of 2018, researchers have discovered seven problems. The last in line is ÆPIC Leak. The leak occurs after memory space is not completely cleared when the CPU has finished processing. As a result, old data can be released, which can lead to data leaks. ÆPIC Leak is a problem that originates from the CPU itself.
ÆPIC Leak can be traced as CVE-2022-21233. Intel has made a patch together with the researchers. Users who have a compromised CPU can get the update through the server. Intel expects to fully patch the vulnerability in the next generations of microarchitecture.
–
