Hi Teaclave Community,

Recently, we were notified of a re-entrancy vulnerability in the exception handling design of several popular SGX SDKs (including the Intel SGX SDK), resulting in arbitrary disclosure of enclave private memory and code-reuse attacks inside SGX enclaves.

The vulnerability is named SmashEx [1]. The SmashEx attack affects several SGX runtimes that implement in-enclave exception handling. For the Intel SGX SDK, the assigned identifier is CVE-2021-0186 [2]. While the vulnerability itself is not a Teaclave flaw, we are taking proactive measures to explain and mitigate its impact on Teaclave users.

## Overview

Due to the lack of atomicity primitives in SGX enclaves, an SGX enclave can be interrupted (an asynchronous enclave exit, AEX) and re-entered at any time, including when it is in a state unsafe for re-entry (i.e., while it is executing a critical section). The SmashEx attack exploits such unsafe enclave re-entries in the exception handling mechanism of the SGX runtime.

A malicious host triggers an exception immediately after EENTER, so that control returns to the host before the enclave entry code has switched the stack pointer (RSP) from the untrusted host stack to the enclave's trusted stack; the interrupted register state, including the host-controlled RSP, is saved in the SSA. The host then issues a special ECALL (`ECMD_EXCEPT`) to the enclave, and the runtime's exception handling code uses the attacker-controlled RSP saved in the SSA to set up the context of the exception handler function. Finally, when the host transfers control back to the enclave with ERESUME, the enclave executes its exception handler with a stack that resides in host memory, which enables ROP-style code-reuse attacks and disclosure of enclave memory.

The root cause is that the runtime trusts the interrupted RSP unconditionally. The vulnerability is fixed by adding extra checks on the untrusted RSP (verifying that it lies within the enclave's trusted stack) before constructing the context of the exception handler.

## Affected Versions

For the Intel SGX SDK, the vulnerability affects all projects using the following versions:

- Intel SGX SDK for Windows v2.12 and earlier
- Intel SGX SDK for Linux v2.13 and earlier

## Impacts on Teaclave

Teaclave SGX SDK wraps the Intel SGX SDK and provides a Rust development environment. An affected Intel SGX SDK version was the recommended version for Rust SGX SDK v1.1.3 (a pre-Apache release). Therefore, people using Rust SGX SDK v1.1.3 with a vulnerable Intel SGX SDK (v2.13 and earlier on Linux) are also vulnerable. *However, the current Teaclave SGX SDK is compatible with newer Intel SGX SDK versions. Therefore, we recommend that all users upgrade to the latest Intel SGX SDK.*

Teaclave (i.e., the Teaclave FaaS platform) uses Teaclave SGX SDK to build a confidential computing platform. Therefore, Teaclave v0.2.0, released in March, used a vulnerable Intel SGX SDK version. *However, v0.3.0, released in August [3], upgraded the Intel SGX SDK to v2.14, which contains the fix. Therefore, the latest release of Teaclave is not affected by this vulnerability.*

## Patches & Mitigations

The vulnerability has been fixed in the Intel SGX SDK by the following patch:

- Patch: https://github.com/intel/linux-sgx/commit/edfe42a517b3e4b1d81204c3cdef6da6cb35fefc

Teaclave users can apply the following mitigations:

- Use Teaclave SGX SDK with Intel SGX SDK for Linux version 2.14 or later
- Upgrade to Teaclave 0.3.0 or later

## Acknowledgements

We would like to thank Jinhua Cui (National University of Defense Technology and National University of Singapore), Shweta Shinde (ETH Zurich), Zhijingcheng Yu (National University of Singapore), and Prateek Saxena (National University of Singapore) for notifying us about this issue.

## References

- [1] SmashEx project page: https://jasonyu1996.github.io/SmashEx/
- [2] Intel Security Advisory INTEL-SA-00548: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00548.html
- [3] Apache Teaclave (incubating) v0.3.0 release: https://github.com/apache/incubator-teaclave/releases/tag/v0.3.0
- [SmashEx: Smashing SGX Enclaves Using Exceptions](https://arxiv.org/abs/2110.06657)
- [Open Enclave SDK Elevation of Privilege Vulnerability](https://github.com/openenclave/openenclave/security/advisories/GHSA-mj87-466f-jq42)

This writeup is also published on the Teaclave blog: https://teaclave.apache.org/blog/2021-10-25-security-advisory-of-smashex-and-cve-2021-0186/

Mingshen Sun
Apache Teaclave (incubating) PPMC
https://mssun.me
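As an added illustration of the check described in the Overview above (example code written for this writeup, not code from the Intel SGX SDK patch, from SmashEx, or from Teaclave), the following C model shows the validation that the fix adds: before the `ECMD_EXCEPT` path builds the exception handler's context on the interrupted stack, the RSP recovered from the SSA is checked against the thread's trusted stack bounds, and the frame is refused when RSP still points at host memory. The struct, field and function names, the frame size, and the sample addresses are all assumptions of this example, not the SDK's real layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of the per-thread trusted-stack bounds an
 * SGX runtime keeps in its thread-local data (the struct and field names are
 * this example's own, not the Intel SGX SDK's). */
typedef struct {
    uintptr_t stack_base;   /* one past the highest byte of the trusted stack */
    uintptr_t stack_limit;  /* lowest byte of the trusted stack */
} thread_stack_t;

/* Size of the register-context frame pushed below the interrupted RSP before
 * dispatching to the registered exception handler. Illustrative value; the
 * real frame layout is runtime-specific. */
#define EXC_CONTEXT_FRAME_SIZE 0x200u
#define STACK_ALIGN            16u

/* The missing check: accept the RSP recovered from the SSA after an AEX only
 * if it points into this thread's trusted stack with room for the frame.
 * An RSP that still points at the host stack means the AEX hit before the
 * entry code switched stacks, which is exactly the SmashEx window. */
bool rsp_safe_for_exception_context(uintptr_t ssa_rsp, const thread_stack_t *st)
{
    if (st->stack_limit >= st->stack_base)           /* malformed bounds */
        return false;
    if (ssa_rsp < st->stack_limit || ssa_rsp >= st->stack_base)
        return false;                                /* outside the trusted stack */
    if (ssa_rsp % STACK_ALIGN != 0)
        return false;                                /* not a valid SysV call-site RSP */
    /* The frame grows downward from ssa_rsp and must not run below the limit.
     * The subtraction cannot wrap: ssa_rsp >= stack_limit was checked above. */
    if (ssa_rsp - st->stack_limit < EXC_CONTEXT_FRAME_SIZE)
        return false;
    return true;
}

/* Simulated ECMD_EXCEPT handling: where would the handler context be built?
 * With check_rsp == false this mirrors the pre-patch behaviour of trusting
 * whatever RSP the SSA holds; with check_rsp == true the frame is refused
 * (returns 0) unless the RSP passes the check above. */
uintptr_t exception_context_address(uintptr_t ssa_rsp, const thread_stack_t *st,
                                    bool check_rsp)
{
    if (check_rsp && !rsp_safe_for_exception_context(ssa_rsp, st))
        return 0;
    return ssa_rsp - EXC_CONTEXT_FRAME_SIZE;
}

int main(void)
{
    /* Constructed sample values: a 256 KiB trusted stack inside the enclave,
     * one RSP that still points at the untrusted host stack (AEX right after
     * EENTER) and one normal in-enclave RSP. */
    const thread_stack_t st = { .stack_base  = 0x7f0000140000ULL,
                                .stack_limit = 0x7f0000100000ULL };
    const uintptr_t host_rsp    = 0x7ffd12345670ULL;
    const uintptr_t enclave_rsp = 0x7f000013ff00ULL;

    printf("unchecked, host RSP    -> frame at %#lx (attacker-controlled stack)\n",
           (unsigned long)exception_context_address(host_rsp, &st, false));
    printf("checked,   host RSP    -> frame at %#lx (refused)\n",
           (unsigned long)exception_context_address(host_rsp, &st, true));
    printf("checked,   enclave RSP -> frame at %#lx\n",
           (unsigned long)exception_context_address(enclave_rsp, &st, true));
    return 0;
}
```

The range check is the one that closes the SmashEx window; the alignment and remaining-space checks are the additional sanity conditions a runtime would want before writing a register frame to a stack address it did not choose itself.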