Intel® SGX Denial of Service in Linux
|Product family:||Intel® Software Guard Extensions Platform Software Component|
|Imact of vulnerability:||Denial of Service|
Vulnerabilities in SGX Linux SW allow unprivileged user with local access to create a denial of service that can affect all users of SGX.
There are vulnerabilities in the Intel Architectural Enclave Service Manager (AESM) for Linux that can result in, effectively, AESM being disabled. AESM is key component for the remote attestation of enclaves. The vulnerability can be exploited by an unprivileged user in a potentially multiuser / server environment, thus effectively disabling Intel® SGX attestation for any other user of the affected server. In a multi-VM setting, this affects SGX solely in the VM running the AESM instance being attacked.
The vulnerabilities can result in Denial of Service of the AESM and, as a result, of SGX remote attestation. SGX data confidentiality or integrity is not compromised by this exploit.
Intel® Software Guard Extensions Platform Software Component for Linux before 2.1.102.
Upgrade to Intel® Software Guard Extensions Platform Software Component for Linux 2.1.102 or later.
Intel would like to thank Michael N. Henry and Alexander Gutkin of Intel DCG Red Team for reporting this issue and working with us on coordinated disclosure.