Bug 2115640 (CVE-2022-21233) - CVE-2022-21233 hw: cpu: Intel: Stale Data Read from legacy xAPIC vulnerability
Summary: CVE-2022-21233 hw: cpu: Intel: Stale Data Read from legacy xAPIC vulnerability
Keywords:
Status: NEW
Alias: CVE-2022-21233
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2115641 2115642 2115643 2115644 2115646 2115647 2115648 2115649 2115650 2115651 2115652 2115653 2115654 2115655 2115656 2115657 2115658 2115659 2115660 2115661 2115662 2115663 2115664 2115665 2115666 2115667 2117009 2119079 2119080
Blocks: 2115639
Reported: 2022-08-05 05:39 UTC by Rohit Keshri
Modified: 2023-10-03 02:22 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in hw. The APIC can operate in xAPIC mode (also known as a legacy mode), in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. When reading the APIC configuration page with an unaligned read from the MMIO page, the registers may return stale data from previous requests made by the same processor core to the same configuration page, leading to unauthorized access.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Rohit Keshri 2022-08-05 05:39:01 UTC
The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible
for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate
in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a
memory-mapped I/O (MMIO) page.

On some processors, incorrectly aligned reads from addresses in the xAPIC MMIO page could return
stale data, which may correspond to data previously accessed by the same processor core that is
reading the xAPIC page. Note that naturally aligned 8-byte loads are not affected by this behavior. Intel
recommends that operating systems (OSes) and virtual machine monitors (VMMs) enable x2APIC mode,
which disables the xAPIC MMIO page and instead exposes APIC registers through model-specific
registers (MSRs). This mitigates the issue. Note that APIC virtualization is not affected; this behavior only
applies to access to the physical xAPIC MMIO page.

Intel® Software Guard Extensions (Intel® SGX) includes a strong threat model that identifies all software
running outside an Intel SGX enclave as untrusted, including the OS/VMM. As a result, Intel SGX
enclaves cannot assume the OS/VMM will enable x2APIC mode. Intel has provided a microcode update
(MCU) to mitigate potential exposure of secret stale data by clearing buffers when an LP exits an
enclave. This mitigation assumes that Intel® Hyper-Threading Technology (Intel® HT Technology) is
disabled, as documented in the Processor MMIO Stale Data vulnerabilities technical article.
~~~
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
~~~

Although this MCU mitigates potential exposure of data after an LP exits an enclave, enclave data could
also be exposed when an enclave reads data from outside its own linear memory range (ELRANGE). This
may occur when a malicious OS/VMM maps the xAPIC into an enclave-accessible page outside of
ELRANGE. If the enclave unintentionally accesses the xAPIC in an attempt to read memory, it may
receive stale enclave data instead of the data that it had attempted to read. The enclave may then
unintentionally perform an operation that could allow an attacker to infer this data.

Intel is providing an updated Intel SGX Software Development Kit (SDK) that helps mitigate potential
exposure under this scenario. The updated SDK reads data from outside the enclave’s ELRANGE at a
size and alignment of 8 bytes. It also provides new programming interfaces that can be used by
developers to ensure that enclave application code reads data from outside the enclave’s ELRANGE at a
minimum alignment of 8 bytes. Some enclave developers may choose to update their Intel® SGX
software once the updated SDK is available. In the future, Intel expects to provide an additional MCU to
prevent secret stale data from potentially being exposed in this manner, with or without the software
mitigations provided by the updated Intel SGX SDK.

Intel is not aware of any impact to system management mode (SMM). Existing guidance for protecting
SMM secrets continues to apply. Notably, when Intel HT Technology is enabled, SMM secrets to be
protected against an OS adversary should be accessed only after LPs rendezvous. These secrets should
not be accessed after the point where LPs may start leaving SMM.
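
As an added illustration (not the Intel SGX SDK's code and not part of this bug report), the following C helper shows the mitigation approach the description attributes to the updated SDK: reading data from outside ELRANGE only through naturally aligned 8-byte loads, since the advisory states that such loads are not subject to the stale-data behaviour. The function names and the sample buffer are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not the Intel SGX SDK's code): copy `len` bytes from an
 * untrusted source into a trusted destination using only naturally aligned
 * 8-byte loads. Every access to the untrusted range goes through the aligned
 * 8-byte word containing it; the wanted bytes are extracted in registers.
 * Over-reading a partial head/tail word stays inside that 8-byte word, hence
 * on the same page, so it cannot fault. */
void aligned_copy_from_untrusted(void *dst, const void *src, size_t len)
{
    uint8_t *d = (uint8_t *)dst;
    uintptr_t start = (uintptr_t)src;
    uintptr_t end = start + len;
    uintptr_t word = start & ~(uintptr_t)7;   /* first aligned 8-byte word */

    while (word < end) {
        /* volatile keeps the compiler from splitting this into byte loads. */
        uint64_t v = *(const volatile uint64_t *)word;
        uint8_t bytes[8];
        memcpy(bytes, &v, sizeof bytes);      /* byte view of the loaded word */

        /* Copy only the bytes of this word that fall inside [start, end). */
        uintptr_t lo = word > start ? word : start;
        uintptr_t hi = (word + 8 < end) ? word + 8 : end;
        memcpy(d + (lo - start), bytes + (lo - word), hi - lo);
        word += 8;
    }
}

/* Self-check on a constructed 64-byte buffer: copy an unaligned sub-range
 * and compare with an ordinary memcpy. Returns 1 on match, 0 otherwise. */
int aligned_copy_selfcheck(size_t offset, size_t len)
{
    static uint64_t backing[8];              /* 64 bytes, 8-byte aligned */
    uint8_t *buf = (uint8_t *)backing;
    uint8_t expect[64], got[64];

    if (offset + len > sizeof backing)
        return 0;
    for (size_t i = 0; i < sizeof backing; i++)
        buf[i] = (uint8_t)(i * 37 + 11);      /* constructed sample data */
    memcpy(expect, buf + offset, len);
    memset(got, 0xEE, sizeof got);
    aligned_copy_from_untrusted(got, buf + offset, len);
    return memcmp(expect, got, len) == 0;
}
```

On x86-64 with optimisation enabled, the volatile 8-byte access compiles to a single aligned 64-bit load, which is the access pattern the advisory describes as unaffected.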

Comment 4 Todd Cullum 2022-08-09 18:14:43 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2117009]

