===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0315
  INTEL-SA-00219 - Intel SGX with Intel Processor Graphics Update Advisory
                             13 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Core processor
                      Intel Xeon Processor
Operating System:     Linux variants
                      Windows
Impact/Access:        Access Privileged Data -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0117
Member content until: Friday, December 13 2019

OVERVIEW

        Intel has discovered vulnerabilities in the following products:

         o Intel Core processor
         o Intel Xeon Processor [1]


IMPACT

        Intel has provided the following information regarding the
        vulnerabilities:

        "Intel ID: INTEL-SA-00219
        Advisory Category: Firmware, Software
        Impact of vulnerability : Information Disclosure
        Severity rating : MEDIUM
        Original release: 11/12/2019
        Last revised: 11/12/2019" [1]

        "CVEID: CVE-2019-0117

        Description: Insufficient access control in protected memory
        subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation
        Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor
        E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor
        Families with Intel(R) Processor Graphics may allow a privileged
        user to potentially enable information disclosure via local access.

        CVSS Base Score: 6.0 Medium
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" [1]


MITIGATION

        Intel recommends:

        "Impacted system users:

         o Ensure the latest BIOS from your system provider and Intel SGX
           platform software (PSW) is installed.
         o Disable integrated processor graphics where they are not used
           (usually server).
         o Where integrated processor graphics are required, get updated
           SGX application(s) from your SGX application provider(s).

        Application Providers:

         o Organize the code/data within enclave memory to avoid putting
           sensitive materials in DWORD0 and DWORD1 of cache line. The
           effectiveness of this mitigation is dependent on the ability
           for the software to avoid the affected memory region. To assist
           the enclave application providers to modify their code, Intel
           is releasing SGX SDK update (Windows version 2.5.101.3, Linux
           version 2.7.101.3) with new memory allocation APIs to avoid the
           affected memory region. More details about the APIs can be
           found here.
         o Increase the Security Version Number (ISVSVN) of the enclave
           application to reflect that these modifications have been put
           in place.
         o For existing solutions which utilize Remote Attestation (IAS),
           please refer to Intel SGX Attestation Technical Details to
           determine whether you may need to implement changes to your SGX
           application for SGX attestation service." [1]


REFERENCES

        [1] INTEL-SA-00219 - Intel SGX with Intel Processor Graphics Update
            Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
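
Added example (not part of this bulletin, Intel's advisory or the SGX SDK): a plain-C sketch of the "Application Providers" layout mitigation, showing how a secret can be striped across a buffer so that it never occupies DWORD0 or DWORD1 of a cache line, together with a check for whether a given region touches those bytes. It assumes a 64-byte cache line and 4-byte DWORDs (so bytes 0..7 of each line are the affected region); all function names are hypothetical, and the code runs as an ordinary program rather than inside an enclave.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LINE     64u            /* assumption: 64-byte cache line */
#define AFFECTED 8u             /* DWORD0 + DWORD1 = bytes 0..7 of each line */
#define USABLE   (LINE - AFFECTED)

/* True if any byte of [addr, addr+len) lies in DWORD0/DWORD1 of a cache line. */
bool touches_affected(uintptr_t addr, size_t len)
{
    size_t off = addr % LINE;
    if (len == 0) return false;
    if (off < AFFECTED) return true;      /* starts inside the affected bytes */
    return len > LINE - off;              /* spills into the next line's DWORD0 */
}

/* Cache lines needed to hold len secret bytes at 56 usable bytes per line. */
size_t lines_needed(size_t len) { return (len + USABLE - 1) / USABLE; }

/* Map secret byte index i to its offset in the line-striped buffer. */
static size_t slot(size_t i) { return (i / USABLE) * LINE + AFFECTED + i % USABLE; }

/* Store/load a secret so that it only ever occupies bytes 8..63 of each line.
 * buf must be 64-byte aligned and lines_needed(len) * LINE bytes long. */
void scatter(uint8_t *buf, const uint8_t *secret, size_t len)
{ for (size_t i = 0; i < len; i++) buf[slot(i)] = secret[i]; }

void gather(uint8_t *out, const uint8_t *buf, size_t len)
{ for (size_t i = 0; i < len; i++) out[i] = buf[slot(i)]; }

/* Constructed self-check: stripe a 100-byte dummy secret over 2 lines, confirm
 * the first 8 bytes of every line stay zero and the secret round-trips. */
bool roundtrip_ok(void)
{
    static _Alignas(LINE) uint8_t buf[2 * LINE];
    uint8_t secret[100], back[100];
    memset(secret, 0xA5, sizeof secret);
    memset(buf, 0, sizeof buf);
    scatter(buf, secret, sizeof secret);
    gather(back, buf, sizeof secret);
    for (size_t l = 0; l < lines_needed(sizeof secret); l++)
        for (size_t b = 0; b < AFFECTED; b++)
            if (buf[l * LINE + b] != 0) return false;
    return memcmp(secret, back, sizeof secret) == 0;
}

int main(void) { return roundtrip_ok() ? 0 : 1; }
```

The striping costs 8 bytes in every 64, so a buffer holding n secret bytes needs lines_needed(n) * 64 bytes of aligned storage.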