AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

Presented at Black Hat USA 2022, Aug. 10, 2022, 2:30 p.m. (30 minutes)

<div><span>CPU vulnerabilities undermine the security guarantees provided by software- and hardware-security improvements. While the discovery of transient-execution attacks increased the interest in CPU vulnerabilities on a microarchitectural level, architectural CPU vulnerabilities are still understudied.</span></div><div><span><br></span></div><div><span>In this talk, we systematically analyze existing CPU vulnerabilities showing that CPUs suffer from vulnerabilities whose root causes match with those in complex software. We show that transient-execution attacks and architectural vulnerabilities often arise from the same type of bug and identify the blank spots. Investigating the blank spots, we focus on architecturally improperly initialized data locations.</span></div><div><span><br></span></div><div><span>We discover AEPIC Leak, the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. AEPIC Leak works on all recent Sunny-Cove-based Intel CPUs (i.e., Ice Lake and Alder Lake) and does not require hyperthreading enabled. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. AEPIC Leak samples data transferred between the L2 and last-level cache, including SGX enclave data, from the superqueue. We target data in use, e.g., register values and memory loads, as well as data at rest, e.g., SGX-enclave data pages. Even if AEPIC Leak is a sampling-based attack, we introduce techniques to precisely influence from which page and offset the attack leaks from. </span></div><div><span>Our end-to-end attack extracts AES-NI, RSA, and even the Intel SGX attestation keys from enclaves within a few seconds. We discuss mitigations and conclude that the only short-term mitigations for AEPIC Leak are to disable APIC MMIO or not rely on SGX.</span></div>

Presenters:

• Andreas Kogler - PhD Student, Graz University of Technology
  Andreas Kogler is a PhD student in the CoreSec group at the Graz University of Technology. His main research interest is system security, focusing on microarchitectural side-channels and software-based fault attacks. Furthermore, he is interested in reverse engineering and automating attack defenses via compiler extensions.
• Pietro Borrello - PhD Student, Sapienza University of Rome
  Pietro Borrello is a PhD Student at the Sapienza University of Rome, working on System Security. His focus is applying Fuzzing and Program Analysis techniques to find and mitigate architectural and microarchitectural vulnerabilities. He is a passionate CTF player focusing on exploitation and reverse-engineering with both TRX and mhackeroni teams, which he co-founded. He is also the co-founder and current lead of the DEFCON Group in Rome.

Links:

• https://www.blackhat.com/us-22/briefings/schedule/#aepic-leak-architecturally-leaking-uninitialized-data-from-the-microarchitecture-26559

Similar Presentations:

• Black Hat USA 2021 / Chip Chop - Smashing the Mobile Phone Secure Chip for Fun and Digital Forensics
• Black Hat Asia 2021 Virtual / "We Are About to Land": How CloudDragon Turns a Nightmare Into Reality
• Black Hat Asia 2021 Virtual / Wideshears: Investigating and Breaking Widevine on QTEE