ÆPIC Leak: New vulnerability discovered in Intel processors – not quite as tragic affects AMD

Intel or the processors from the manufacturer are making a name for themselves with a security gap. As reported by the research team led by Daniel Gruss, who discovered the error, the error can be exploited on most tenth, eleventh and twelfth generation Intel CPUs. Particularly explosive: Unlike Specter and Meltdown, this is not a side-channel attack because sensitive data can be read directly from the microarchitecture. “ÆPIC Leak” is the first security hole of this kind.

The error apparently means that data is not correctly overwritten, but remains readable via the interrupt controller. The data should actually be safe in the SGX enclave. Nevertheless, the error is probably far less explosive than it sounds at first glance. If someone is really after the data, he could only exploit the “ÆPIC Leak” with admin rights. In addition, only part of the information can be tapped.

intel has already announced to work on a solution and to get a new SGX-SDK off the ground as soon as the vulnerability is made public. Apparently they already have a solution for servers. Microcode updates are also already available via GitHub for Linux. If you want to be on the safe side, you can of course deactivate SGX.

The team led by Daniel Gruss from the University of Graz and Roman researcher Pietro Borrello report on how “ÆPIC Leak” works in a paper that has been published published on its own website. The vulnerability affects Sunny Cove and processors based on it, specifically Ice Lake and Ice Lake-SP as well as Alder Lake. As is usual with such security leaks, the researchers first informed the manufacturer to give them time to evaluate the problem.

SQUIP also affects AMD, but is “only” a side-channel attack

Around the same time, another research team, including security researcher Gruss, discovered the “SQUIP” side-channel attack. Data cannot be read out directly, but can only be derived from observations of temporal relationships. Here, scheduler queues are used for the first time, i.e. the chronological ordering and organization of calculation steps.

This approach has so far been ignored because there are no advantages over other hardware-based security gaps. At least with the Intel processors that have been widespread to date. With “SQUIP” AMD and partly also Apple chips are now coming into focus. “Our attack exploits the limited capacity of the scheduler queue for multiplications. If it fills up, the processor has to wait until space is free again. We measure these waiting times and use them to draw conclusions about the program flow,” the press release says.

Since the effort that data thieves have to put in is considered high, “SQUIP” should not pose a threat to most users. If you still want to take countermeasures, you should disable SMT. A software solution is also possible. The researchers tried their attack on a Ryzen 7 3700X, Ryzen 7 5700X and an Epyc 7443.

Source: Graz University of Technologyofficial ÆPIC Leak website