Right here’s this week’s BWAIN, our jocular time period for a Bug With An Spectacular Title.
BWAIN is an accolade that we hand out when a brand new cybersecurity flaw not solely seems to be fascinating and necessary, but in addition turns up with its personal emblem, area title and web site.
This one is dubbed ÆPIC Leak, a pun on the phrases APIC and EPIC.
The previous is brief for Superior Programmable Interrupt Controller, and the latter is just the phrase “epic”, as in big, huge, excessive, mega, humongous.
The letter Æ hasn’t been utilized in written English since Saxon instances. Its title is æsc, pronounced ash (as within the tree), and it just about represents the sound of the A in within the trendy phrase ASH. However we assume you’re presupposed to pronounce the phrase ÆPIC right here both as “APIC-slash-EPIC”, or as “ah!-eh?-PIC”.
What’s all of it about?
All of this raises 5 fascinating questions:
- What’s an APIC, and why do I would like it?
- How are you going to have knowledge that even the kernel can’t peek at?
- What causes this epic failure in APIC?
- Does the ÆPIC Leak have an effect on me?
- What to do about it?
What’s an APIC?
Let’s rewind to 1981, when the IBM PC first appeared.
The PC included a chip referred to as the Intel 8259A Programmable Interrupt Controller, or PIC. (Later fashions, from the PC AT onwards, had two PICs, chained collectively, to help extra interrupt occasions.)
The aim of the PIC was fairly actually to interrupt this system operating on the PC’s central processor (CPU) at any time when one thing time-critical befell that wanted consideration immediately.
These {hardware} interrupts included occasions resembling: the keyboard getting a keystroke; the serial port receiving a personality; and a repeating {hardware} timer ticking over.
With out a {hardware} interrupt system of this kind, the working system would have to be suffering from perform calls to test for incoming keystrokes frequently, which might be a waste of CPU energy when nobody was typing, however wouldn’t be responsive sufficient after they did.
As you possibly can think about, the PIC was quickly adopted by an upgraded chip referred to as the APIC, an superior type of PIC constructed into the CPU itself.
Today, APICs present way more than simply suggestions from the keyboard, serial port and system timer.
APIC occasions are triggered by (and supply real-time knowledge about) occasions resembling overheating, and permit {hardware} interplay between the totally different cores in modern multicore processors.
And as we speak’s Intel chips, if we could simplifly enormously, can usually be configured to work in two other ways, often known as xAPIC mode and x2APIC mode.
Right here, xAPIC is the “legacy” manner of extracting knowledge from the interrupt controller, and x2APIC is the extra trendy manner.
Simplifying but additional, xAPIC depends on what’s referred to as MMIO, quick for memory-mapped enter/output, for studying knowledge out of the APIC when it registers an occasion of curiosity.
In MMIO mode, you’ll find out what triggered an APIC occasion by studying from a selected area of reminiscence (RAM), which mirrors the enter/output registers of the APIC chip itself.
This xAPIC knowledge is mapped right into a 4096-byte reminiscence block someplace within the bodily RAM of the pc.
This simplifies accessing the info, however it requires an annoying, advanced (and, as we will see, doubtlessly harmful) interplay between the APIC chip and system reminiscence.
In distinction, x2APIC requires you to learn out the APIC knowledge instantly from the chip itself, utilizing what are often known as Mannequin Particular Registers (MSRs).
In keeping with Intel, avoiding the MMIO a part of the method “gives considerably elevated processor addressability and a few enhancements on interrupt supply.”
Notably, extracting the APIC knowledge instantly from on-chip registers implies that the overall quantity of knowledge supported, and the utmost variety of CPU cores that may be managed on the similar time, shouldn’t be restricted to the 4096 bytes accessible in MMIO mode.
How are you going to have knowledge that even the kernel can’t peek at?
You’ve in all probability guessed already that the info that results in the MMIO reminiscence space whenever you’re utilizing xAPIC mode isn’t at all times as rigorously managed appropriately…
…and thus that some type of “knowledge leak” into that MMIO space is the center of this downside.
However given that you simply already want sysadmin-level powers to learn the MMIO knowledge within the first place, and subsequently you could possibly nearly actually get at any and all knowledge in reminiscence anyway…
…why would having different folks’s knowledge present up by mistake within the APIC MMIO knowledge space characterize an epic leak?
It’d make some varieties of data-stealing or RAM-scraping assault barely simpler in follow, however absolutely it wouldn’t provide you with any extra memory-snooping potential that you simply already had in idea?
Sadly, that assumption isn’t true if any software program on the system is utilizing Intel’s SGX, quick for Software program Guard Extensions.
LEARN MORE ABOUT SGX
SGX is supported by many latest Intel CPUs, and it gives a manner for the working system kernel to “seal” a bit of code and knowledge right into a bodily block of RAM in order to kind what’s often known as an enclave.
This makes it behave, briefly a minimum of, very similar to the particular safety chips in cell phones which can be used to retailer secrets and techniques resembling decryption keys.
As soon as the enclave’s SGX “lock” is about, solely program code operating contained in the sealed-off reminiscence space can learn and write the contents of that RAM.
Because of this, the inner particulars of any calculations that occur after the enclave is activated are invisible to some other code, thread, course of or person on the system.
Together with the kernel itself.
There’s a technique to name the code that’s been sealed into the enclave, and a manner for it to return the output of of the calculations it’d carry out, however there’s no technique to recuperate, or to spy on, or to debug, the code and its related knowledge whereas it runs.
The enclave successfully turns right into a black field to which you’ll be able to feed inputs, resembling a knowledge to be signed with a personal key, and extract outputs, such because the digital signature generated, however from which you’ll be able to’t winkle out the cryptographic keys used within the signing course of.
As you possibly can think about, if knowledge that’s presupposed to be sealed up inside an SGX enclave ought to ever by chance get duplicated into the MMIO RAM that’s used to “mirror” the APIC knowledge whenever you’re utilizing xAPIC “memory-mapped” mode…
…that will violate the safety of SGX, which says that no knowledge ought to ever emerge from an SGX enclave after it’s been created, until it’s intentionally exported by code already operating contained in the enclave itself.
What causes this epic failure in APIC?
The researchers behind the ÆPIC Leak paper found that by arranging to learn out APIC knowledge through a crafty and strange sequence of reminiscence accesses…
…they might trick the processor into filling up the APIC MMIO area not solely with knowledge freshly obtained from the APIC itself, but in addition with knowledge that simply occurred to have been utilized by the CPU not too long ago for another objective.
This behaviour is a side-effect of the truth that though the APIC MMIO reminiscence web page is 4096 bytes in dimension, the APIC chip in xAPIC mode doesn’t really produce 4096 bytes’ value of knowledge, and the CPU doesnt’t at all times accurately neutralise the unused components of the MMIO area by filling it with zeros first.
As a substitute, outdated knowledge left over within the CPU cache was written out together with the brand new knowledge obtained from the APIC chip itself.
Because the researchers put it, the bug boils all the way down to what’s often known as an uninitialised reminiscence learn, the place you by chance re-use another person’s leftover knowledge in RAM as a result of neither they nor you flushed it of its earlier secrets and techniques first.
Does the ÆPIC Leak have an effect on me?
For a full record of chips affected, see Intel’s personal advisory.
So far as we will inform, in case you have a tenth or eleventh era Intel processor, you’re in all probability affected.
However in case you have a brand-new Twelfth era CPU (the very newest on the time of writing), then evidently solely server-class chips are affected.
Satirically, in Twelfth-generation laptop computer chips, Intel has given up on SGX, so this bug doesn’t apply as a result of it’s not possible to have any “sealed” SGX enclaves that might leak.
After all, even on a doubtlessly susceptible chip, in case you’re not counting on any software program that makes use of SGX, then the bug doesn’t apply both.
And the bug, dubbed CVE-2022-21233, can solely be exploited by an attacker who already has native, admin-level (root) entry to your laptop.
Common customers can’t entry the APIC MMIO knowledge block, and subsequently don’t have any manner of peeking at something in any respect in there, not to mention secret knowledge that may have leaked out from an SGX enclave.
Additionally, visitor digital machines (VMs) operating below the management of a bunch working system in a hypervisor resembling HyperV, VMWare or VirtualBox nearly actually can’t use this trick to plunder secrets and techniques from different friends or the host itself.
That’s as a result of visitor VMs usually don’t get entry to the true APIC circuitry within the host processor; as a substitute, every visitor will get its personal simulated APIC that’s distinctive to that VM.
What to do?
Don’t panic.
On a laptop computer or desktop laptop, you will not be in danger in any respect, both as a result of you could have an older (or, fortunate you, a model new!) laptop, or since you aren’t counting on SGX anyway.
And even in case you are threat, anybody who will get into your laptop computer as admin/root in all probability has sufficient energy to trigger you a world of bother already.
When you’ve got susceptible servers and also you’re counting on SGX as a part of your operational safety, test Intel safety advisory INTEL-SA-00657 for defense and mitigation info.
In keeping with the researchers who wrote this up, “Intel [has] launched microcode and SGX Software program Improvement Equipment updates to repair the difficulty.”
The Linux kernel workforce additionally appears to be working proper now on a patch that may can help you configure your system so that it’ll at all times use x2APIC (which, as you’ll keep in mind from earlier, doesn’t transmit APIC knowledge through shared reminiscence), and can gracefully forestall the system being pressured again into xAPIC mode after bootup.