Researchers from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology disclosed a vulnerability (CVE-2021-0186) that affects Intel processors. According to the research, attackers could abuse the vulnerability not only to steal sensitive information stored within enclaves but also to run arbitrary code on vulnerable systems. Let's see how to fix CVE-2021-0186, the new SmashEx CPU vulnerability, in this post.
What Is Software Guard Extensions (SGX) In Intel Processors?
Intel introduced Software Guard eXtensions (SGX) with the release of its Skylake processors. SGX was primarily designed to run selected application modules in completely isolated memory, called an enclave or a Trusted Execution Environment (TEE). The main purpose of SGX is to protect application modules from highly privileged processes such as the operating system. However, Intel allowed operating system processes to interrupt enclave execution through configurable hardware exceptions for normal operations. Enclave runtimes such as the Intel SGX SDK and Microsoft Open Enclave support these interruptions of enclave execution, which leaves enclaves exposed to re-entrancy vulnerabilities.
What Is SmashEx Attack?
“SmashEx is an attack that exploits re-entrancy vulnerabilities in the exception handling designs of Intel SGX (Software Guard eXtensions) enclave runtimes.” This results in improper input validation vulnerabilities in Intel(R) SGX SDK applications. It enables adversaries to steal sensitive information stored within enclaves or perform arbitrary code execution inside the victim enclave.
Summary of CVE-2021-0186 The New SmashEx CPU Vulnerability:
| Attribute | Details |
|---|---|
| CVSS Base Score | 8.2 |
| Description | Improper input validation in enclave runtimes like Intel SGX SDK and Microsoft Open Enclave |
| Impact of vulnerability | Escalation of Privilege |
Products Affected by CVE-2021-0186 The New SmashEx CPU Vulnerability:
Some Intel processor models and software enclave runtime applications are prone to the CVE-2021-0186 vulnerability.
Software:
- Intel SGX SDK for Windows v2.12 and earlier.
- Intel SGX SDK for Linux v2.13 and earlier.
Intel® Processors supporting SGX2:
| Code Name | Product Collection |
|---|---|
| Ice Lake Xeon-SP (HCC, XCC) | 3rd Gen Intel® Xeon® Scalable processor family |
| Ice Lake | 10th Generation Intel® Core™ Processor Family |
| Gemini Lake | Intel® Pentium® Processor Silver Series, Intel® Celeron® Processor J Series, Intel® Celeron® Processor N Series |
How to Fix CVE-2021-0186 The New SmashEx CPU Vulnerability?
Both Intel and Microsoft have rolled out patches to their enclave runtimes to fix CVE-2021-0186, the new SmashEx CPU vulnerability. Intel recommends that Windows users update Intel® SGX SDK to version 2.13 or later and that Linux users update Intel® SGX SDK to version 2.14 or later.
How To Fix CVE-2021-0186 On Windows:
Microsoft addressed CVE-2021-0186 in its July security updates with version 0.17.1 of the Open Enclave SDK. Those who have installed Open Enclave version 0.17.1 with the July patches are considered safe from SmashEx CPU attacks. The research results are expected to be presented next month at the ACM conference.
How To Fix CVE-2021-0186 On Linux:
For Linux users, Intel released Intel SGX SDK v2.14 and v2.15 in July and September 2021 respectively. You can download the package for your Linux distribution and install it. Read the release notes for more information.
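The fixed releases named above can be turned into a quick inventory check. The script below is an added example, not part of the original post or of Intel's or Microsoft's tooling: it classifies enclave runtime versions against the thresholds from this post (Intel SGX SDK 2.13 on Windows, 2.14 on Linux, Open Enclave 0.17.1). The inventory format, host names and function names are assumptions made for the example, as is treating every Open Enclave release before 0.17.1 as unpatched; the comparison relies on GNU `sort -V`.

```shell
# Added example: classify enclave runtime versions against the fixed releases
# named in this post (Intel SGX SDK: Windows 2.13, Linux 2.14; Open Enclave 0.17.1).

# version_ge A B -> exit status 0 when version A >= version B (GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# fixed_version RUNTIME PLATFORM -> prints the first fixed release, or nothing.
fixed_version() {
    case "$1:$2" in
        sgx-sdk:windows)  echo 2.13 ;;
        sgx-sdk:linux)    echo 2.14 ;;
        open-enclave:*)   echo 0.17.1 ;;  # assumption: older releases are unpatched
    esac
}

# classify RUNTIME PLATFORM VERSION -> prints FIXED, VULNERABLE or UNKNOWN.
classify() {
    min=$(fixed_version "$1" "$2")
    if [ -z "$min" ]; then echo UNKNOWN
    elif version_ge "$3" "$min"; then echo FIXED
    else echo VULNERABLE
    fi
}

# triage: reads "host runtime platform version" lines on stdin, appends a verdict.
triage() {
    while read -r host runtime platform version; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s %s %s %s %s\n' "$host" "$runtime" "$platform" "$version" \
            "$(classify "$runtime" "$platform" "$version")"
    done
}

# Constructed sample inventory (host names and versions are made up).
sample_inventory() {
    cat <<'EOF'
# host runtime platform version
build01 sgx-sdk linux 2.13.3
build02 sgx-sdk linux 2.15
win-ci  sgx-sdk windows 2.12
win-dev sgx-sdk windows 2.13
enc-svc open-enclave linux 0.17.0
enc-new open-enclave linux 0.17.1
EOF
}

sample_inventory | triage
```

Runtimes the post does not cover are reported as UNKNOWN rather than FIXED, so they still get a manual look.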
How To Install Intel SGX SDK On Linux?
Please refer to the Intel SGX SDK installation guide for more details.
Time needed: 10 minutes
Install Intel SGX SDK On Linux
- Update repositories in Ubuntu
Use this command to update the repositories on Ubuntu.
$ sudo apt update
- Download the Intel SGX bin package
Create a directory to hold the Intel SGX SDK file. You can keep it in your home directory as well.
$ sudo mkdir -p /opt/sdk/linux/installer/bin
$ cd /opt/sdk/linux/installer/bin
$ sudo wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_220.127.116.11.bin
- Install the Intel SGX bin package
Install the required packages if you don’t have them on your server; on Ubuntu 20.04 the `python` command is provided by the python-is-python3 package. Make the downloaded SGX SDK file executable, then invoke the installer with ‘./’. Use the same file name that you downloaded in the previous step.
$ sudo apt-get install build-essential python-is-python3
$ sudo chmod +x sgx_linux_x64_sdk_220.127.116.11.bin
$ sudo ./sgx_linux_x64_sdk_220.127.116.11.bin
- Set up the needed environment variables before compiling Intel SGX code
Run this command to set up the needed environment variables before compiling your code. Then change the directory to /opt/intel/sgxsdk/SampleCode/LocalAttestation.
$ source /opt/intel/sgxsdk/environment
$ cd /opt/intel/sgxsdk/SampleCode/LocalAttestation
- Build the Intel SGX code sample in Simulation mode
Run this command to build the code sample in Simulation mode to make sure the package works well.
$ sudo make SGX_MODE=SIM
- Compile and run each code sample in Simulation mode
Run this command to compile and run code sample in Simulation mode to make sure the package works well.
Note: For hardware build you may need to install SDK Driver and SDK PSW packages.
This is how you can fix CVE-2021-0186 the new SmashEx CPU Vulnerability on your Windows and Linux machines.
We hope this post helps you fix CVE-2021-0186, the new SmashEx CPU vulnerability, on your Windows and Linux machines. Thanks for reading this threat post.