Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks
Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments (TEE).
Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU’s L1 Cache.
“By using the extended attack against the Intel-provided and signed architectural SGX enclaves, we retrieve the secret attestation key used for cryptographically proving the genuinity of enclaves over the network, allowing us to pass fake enclaves as genuine,” a group of academics from the University of Michigan said.
The second line of attack, dubbed CrossTalk by researchers from the VU University Amsterdam, enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core, and determine the enclave’s private keys.