A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability.
Description: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Consult this list of affected products here.
Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues.
For Intel® SGX customers, Intel recommends updating the microcode located in platform flash designated by the firmware interface table (FIT) entry point.
Detailed steps on the microcode loading points can be found at:
To address this vulnerability, an SGX TCB recovery is planned. Refer here for more information on the SGX TCB recovery process.
Attestation responses will change as a result of the TCB Recovery. Refer to the Intel SGX Attestation Technical Details documentation for further details.
For systems that do not use Intel® SGX, the microcode patch can be loaded by the operating system.
Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public GitHub repository. Please see details below on access to the microcode:
GitHub*: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
The microcode update also provides an opt-out mechanism (bit 4 of the IA32_MCU_OPT_CTRL MSR) that allows system software to disable the mitigation in order to avoid its performance impact on certain vectorization-heavy workloads.
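A defender-side check, added here as an example and not Intel's code, that reports whether the opt-out bit described above has been set on each logical CPU. It assumes the MSR address 0x123 for IA32_MCU_OPT_CTRL, the rdmsr tool from msr-tools with the Linux msr module loaded (root required), and the Linux sysfs entry name gather_data_sampling for this issue; none of these names appear on the page.

```shell
#!/bin/sh
# Added example, not Intel's code: report whether the IA32_MCU_OPT_CTRL opt-out
# (bit 4, per the advisory) is set on each logical CPU.
# Assumptions: MSR address 0x123 for IA32_MCU_OPT_CTRL, the rdmsr tool (msr-tools),
# root plus the 'msr' kernel module, and the sysfs name gather_data_sampling.

MCU_OPT_CTRL_ADDR=0x123
MITIG_DIS_BIT=4
SYSFS_STATUS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# mitigation_disabled HEX -> prints 1 if the opt-out bit is set, else 0
mitigation_disabled() {
    v=$(( 0x${1#0x} ))
    echo $(( (v >> MITIG_DIS_BIT) & 1 ))
}

# msr_verdict HEX -> human-readable verdict for one CPU's register value
msr_verdict() {
    if [ "$(mitigation_disabled "$1")" = 1 ]; then
        echo "opt-out set (bit $MITIG_DIS_BIT): mitigation DISABLED by system software"
    else
        echo "opt-out clear: microcode mitigation active (if the update is installed)"
    fi
}

# scan_cpus -> kernel status line, then one line per logical CPU
scan_cpus() {
    if [ -r "$SYSFS_STATUS" ]; then
        echo "kernel status: $(cat "$SYSFS_STATUS")"
    fi
    if ! command -v rdmsr >/dev/null 2>&1; then
        echo "rdmsr not found (install msr-tools)"
        return 1
    fi
    for cpudir in /sys/devices/system/cpu/cpu[0-9]*; do
        [ -d "$cpudir" ] || continue
        cpu=${cpudir##*/cpu}
        if raw=$(rdmsr -p "$cpu" "$MCU_OPT_CTRL_ADDR" 2>/dev/null); then
            echo "cpu$cpu: IA32_MCU_OPT_CTRL=0x$raw -> $(msr_verdict "$raw")"
        else
            echo "cpu$cpu: MSR read failed (need root and 'modprobe msr'?)"
        fi
    done
}

# Run the scan only when asked, so the helpers can be sourced or tested alone.
if [ "${1:-}" = "--scan" ]; then
    scan_cpus
fi
```

Run with `sh check_mcu_opt_ctrl.sh --scan` as root; a set bit 4 means the mitigation was deliberately turned off and the host's exposure to this issue should be reviewed.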
Please refer to the technical paper here for additional information.
Intel would like to thank Daniel Moghimi from University of California San Diego for reporting this issue and providing proof-of-concept code.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.