ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.
A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk and thus have to be patched.
You can try out the vulnerability, as its demonstration has been open-sourced by Graz Institute of Technology here. Currently, we have no information about the patch, but Intel was made aware in December of 2021. Tracked as CVE-2022-21233, the vulnerability can be avoided by disabling APIC MMIO or avoiding SGX.