Intel's October 2021 Security Advisories - Important Updates

Table of Contents

• Introduction
• Security Advisory 1: Intel SA005
• Security Advisory 2: Intel SA00548
• Interview with Simon Johnson
• What is Intel SGX?
• The Key Issue and Likely Scenarios
• Impacted Platforms
• Recommended Actions for Users
• Conclusion
• FAQ

Introduction

In this episode of "Chips and Salsa," we will be discussing two security advisories released on Update Tuesday. The first advisory, Intel SA005, addresses two issues in the Intel Hardware Accelerated Execution Manager (HACKSAM). The Second advisory, Intel SA00548, deals with an externally reported issue in the Intel SGX (Software Development Kit). We will also have an interview with Simon Johnson, a senior principal engineer at Intel and one of the program architects for SGX.

Security Advisory 1: Intel SA005

Intel SA005 covers two medium severity CVEs in the Intel Hardware Accelerated Execution Manager (HACKSAM). This open-source project is a cross-platform hypervisor widely used for Android emulation. The first CVE allows an unauthenticated user to escalate privileges via local access, while the second CVE enables information disclosure through local access. It is important to note that these vulnerabilities can only be exploited if the attacker has physical possession or a local account on the vulnerable system. Both issues were coordinated through Intel's bug bounty program. Users are advised to update to version 7.66 or later, and there are currently no known active exploits using these vulnerabilities.

Security Advisory 2: Intel SA00548

Intel SA00548 addresses an externally reported issue in the Intel SGX Software Development Kit (SDK). This issue has a CVSS score of 8.2, indicating its severity. To better understand the issue and its mitigation steps, Chrome and the hosts of "Chips and Salsa" spoke with Simon Johnson, a senior principal engineer and program architect for SGX at Intel.

Interview with Simon Johnson

Simon Johnson's role at Intel involves overseeing the software, hardware, firmware, and ecosystem enablement aspects of the SGX program. He ensures that all the pieces of the Puzzle Align with the requirements of customers and developers. During the interview, Simon provided insights into the key issue addressed in the advisory and the likely scenarios surrounding it.

What is Intel SGX?

SGX, or Software Guard Extensions, is a technology developed by Intel to enhance the security of application code and data. It enables the creation of enclaves, which are isolated areas of code and data that are protected from outside interference. The Intel SGX Software Development Kit (SDK) provides developers with the tools and resources necessary to implement SGX in their applications.

The Key Issue and Likely Scenarios

The issue addressed in this advisory relates to the stack handling mechanism in the SGX SDK. Under certain limited circumstances, there is a potential loss of confidentiality. To mitigate this issue, Intel has made changes to the stack handling mechanism in the SDK and reissued it. It is important to note that this issue specifically impacts platforms with SGX2 support, such as Ice Lake, some Atom processors, and certain client systems. If developers are writing software for SGX1 platforms or not using an old out-of-tree driver for Linux, this advisory does not apply to them.

Impacted Platforms

The advisory primarily affects platforms that support SGX2. Users of SGX1 platforms or those not utilizing the old out-of-tree driver for Linux are unaffected. SGX2 support adds capabilities like more dynamic paging, but it may only apply in limited circumstances enabled by an "enable select" feature.

Recommended Actions for Users

To address the issue, users can download the latest version of the SDK and recompile their applications. When recompiling their enclave, developers should ensure that the ISV SVN (Independent Software Vendor Security Version Number) is incremented by one. This value helps indicate a new security version of the enclave and ensures the key derivation process functions correctly.

Conclusion

In this episode of "Chips and Salsa," we discussed two security advisories released by Intel. The first one addressed issues in the Intel Hardware Accelerated Execution Manager (HACKSAM), while the second focused on an issue in the Intel SGX Software Development Kit (SDK). Users were provided with recommendations on how to mitigate these issues. It is essential to remain vigilant about keeping software and hardware up to date to ensure the security of systems.

FAQ

Q: Which platforms are affected by the Intel SA005 advisory? A: The Intel SA005 advisory primarily impacts platforms with SGX2 support, such as Ice Lake, certain Atom processors, and specific client systems.

Q: Can the vulnerabilities addressed in Intel SA005 be exploited remotely? A: No, both vulnerabilities require either physical possession or a local account on the vulnerable system to exploit.

Q: What actions should users take to mitigate the Intel SA00548 advisory? A: Users should download the latest version of the Intel SGX SDK and recompile their applications. Additionally, developers should increment the ISV SVN value by one to indicate a new security version of their enclave.

Q: Are there any known active exploits using the vulnerabilities addressed in the Intel SA005 advisory? A: Intel is currently not aware of any active exploits utilizing these vulnerabilities.

Q: How can users obtain the updated versions of the Intel SA005 and Intel SA00548 advisories? A: Users can find the full advisories and download links on Intel's official website.

Q: Are there any performance impacts when updating to the recommended versions for the Intel SA005 advisory? A: Intel has not reported any significant performance impacts associated with updating to version 7.66 or later of the Intel Hardware Accelerated Execution Manager (HACKSAM).

Q: Can you provide more information about the bug bounty program Mentioned in the Intel SA005 advisory? A: Intel's bug bounty program encourages researchers to discover and responsibly disclose security vulnerabilities. By coordinating with the program, Intel can address these vulnerabilities promptly and ensure the security of their products and platforms.

Q: Is the usage of the dynamic paging capability mandatory for systems affected by the Intel SA00548 advisory? A: No, the usage of dynamic paging is not mandatory. There is an "enable select" feature that allows for specific circumstances under which the issue addressed by the advisory may occur.