Published in News

Intel releases advisories on SGX CPU extensions

by on17 February 2023

Bugs for Xeon

While Intel abandoned its in-chip DRM solution Software Guard Extensions (SGX) for its latest client CPUs, the technology is still causing trouble for its Xeon line.

For those who came in late, serious new security issues were constantly being found in SGX technology which is why Intel abandoned it but it kept it for its Xeon servers where it continues to cause problems.

Intel also released 31 new security advisories for its processor tech on 14 February including for some about the SGX CPU extensions, with five different CVE-listed security vulnerabilities found in Xeon processors, Core processors, and in the official Software Development Kit (SDK).

Two of the SGX vulnerabilities are related to a potential privilege escalation that could disclose sensible data. For those not in the know, those are the sort of security issues that SGX extensions were designed to defeat by employing encrypted memory areas known as "enclaves."

While Chipzilla has classified the CVE-2022-38090 vulnerability with a "medium" CVSS severity level it does seem to make the whole DRM thing look a bit pointless. According to Intel it could bring an "improper isolation of shared resources" in some CPUs when using SGX enclaves for a potential information disclosure via local access. The affected processors include the 9th and 10th Gen Core lines (the latest client CPUs to provide support for SGX applications), 3rd Gen Xeon Scalable and Xeon D server CPUs.

The CVE-2022-33196 vulnerability is about "incorrect default permissions" in some memory controller configurations, which could allow a privileged user to enable escalation of privilege via local access. This particular bug has a "high" severity rating, and it affects server-class processors belonging to the 3rd Gen Xeon Scalable and Xeon D lines.


Last modified on 17 February 2023
Rate this item
(0 votes)

Read more about: