The researcher explained that ÆPIC Leak is a vulnerability in recent Intel CPUs that leaks secrets from the processor itself: on most 10th, 11th, and 12th generation Intel CPUs, reads from the undefined range of the APIC MMIO region incorrectly return stale data from the cache hierarchy.
Unlike transient execution attacks such as Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data is disclosed directly, without relying on any (noisy) side channel.
Ordinary applications are not affected by ÆPIC Leak, because exploiting it requires mapping the physical APIC MMIO page, which only highly privileged code can do. Virtual machines are likewise not affected: the researcher confirms that APIC virtualization (Intel APICv) is not exposed, since a guest never reaches the physical APIC page and no hypervisor gives a guest that kind of access to physical memory.
A privileged attacker (Administrator or root) is therefore required to access the APIC MMIO page, so most systems are not at risk from ÆPIC Leak. The exception is systems that rely on SGX to protect data from exactly such privileged attackers: an SGX enclave's secrets are what the bug exposes, so those systems have to be patched.
The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to processors. In xAPIC mode its configuration registers are exposed through a memory-mapped I/O (MMIO) page (at physical address 0xFEE00000 by default); in the alternative x2APIC mode they are accessed through MSRs rather than MMIO.
ÆPIC Leak is *not* a transient execution attack but a bug in the CPU itself. The researchers demonstrate that it lets an attacker fully dump the data of a protected SGX enclave in seconds.
To check whether a system is affected, identify the CPU generation, whether the code runs on bare metal or inside a guest, and whether SGX is in use.
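The following is an added example of such a check, not code from the researchers or from the original article. It parses `/proc/cpuinfo`-style text and applies only the facts stated above: the affected generations (10th, 11th, 12th), the fact that a guest cannot reach the physical APIC MMIO page, and the fact that SGX is what makes the leak matter. The sample `cpuinfo` blocks are constructed, the `sgx` and `hypervisor` flag names are assumed to carry their usual Linux meaning, and the "Nth Gen" brand-string heuristic is an assumption: Xeon brand strings carry no generation marker, so those come back as `unknown` and are treated conservatively.

```python
"""Heuristic check for ÆPIC Leak exposure from /proc/cpuinfo-style text.

Added example, not the researchers' code. Sample cpuinfo blocks are constructed;
the "sgx" and "hypervisor" flags are assumed to mean "SGX enabled" and
"running under a hypervisor", as Linux reports them.
"""
import os
import re
from dataclasses import dataclass

AFFECTED_GENERATIONS = {10, 11, 12}          # generations named in the article
_GEN_RE = re.compile(r"\b(\d{1,2})th Gen Intel", re.IGNORECASE)  # brand-string heuristic


@dataclass(frozen=True)
class CpuInfo:
    vendor: str
    model_name: str
    flags: frozenset


def parse_cpuinfo(text: str) -> CpuInfo:
    """Parse the first 'processor' block of /proc/cpuinfo-style text."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break          # blank line ends the first processor block
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return CpuInfo(
        vendor=fields.get("vendor_id", ""),
        model_name=fields.get("model name", ""),
        flags=frozenset(fields.get("flags", "").split()),
    )


def core_generation(model_name: str):
    """Return N from an 'Nth Gen Intel(R) Core(TM)' brand string, else None."""
    m = _GEN_RE.search(model_name)
    return int(m.group(1)) if m else None


def assess(info: CpuInfo) -> dict:
    """Classify a CPU using the rules stated in the article."""
    gen = core_generation(info.model_name)
    if info.vendor != "GenuineIntel":
        cpu_status = "not_affected"
    elif gen is None:
        cpu_status = "unknown"      # e.g. Xeon names: consult the vendor list
    elif gen in AFFECTED_GENERATIONS:
        cpu_status = "affected"
    else:
        cpu_status = "not_affected"

    in_guest = "hypervisor" in info.flags
    sgx = "sgx" in info.flags
    possibly_affected = cpu_status != "not_affected"   # unknown is treated as affected
    return {
        "generation": gen,
        "cpu_status": cpu_status,
        # A guest never reaches the physical APIC MMIO page: the leak is a host problem.
        "physical_apic_reachable": possibly_affected and not in_guest,
        "sgx_enabled": sgx,
        # Only root can map the APIC page; without SGX there is nothing root cannot read anyway.
        "at_risk": possibly_affected and not in_guest and sgx,
    }


# Constructed sample blocks with abbreviated flag lists, not captures from real machines.
SAMPLE_TIGER_LAKE_HOST = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz
flags\t\t: fpu vme de pse tsc msr pae mce x2apic sgx sgx_lc
"""

SAMPLE_ALDER_LAKE_GUEST = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: 12th Gen Intel(R) Core(TM) i9-12900K
flags\t\t: fpu vme de pse tsc msr pae mce hypervisor x2apic
"""

SAMPLE_AMD = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: AMD Ryzen 7 5800X 8-Core Processor
flags\t\t: fpu vme de pse tsc msr pae mce
"""


def main():
    path = "/proc/cpuinfo"
    if os.path.exists(path):
        with open(path) as f:
            report = assess(parse_cpuinfo(f.read()))
    else:
        report = assess(parse_cpuinfo(SAMPLE_TIGER_LAKE_HOST))
    for key, value in report.items():
        print(f"{key}: {value}")


if __name__ == "__main__":
    main()
```

The result is a triage aid, not a verdict: an `at_risk` of True means the machine matches the article's description of a vulnerable host running SGX, and the vendor's microcode status for that CPU should be confirmed; a `cpu_status` of `unknown` means the brand string gave no generation and the CPU must be looked up against the vendor's affected list.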
The researcher also published proof-of-concept exploit code for ÆPIC Leak. It reads stale data from the undefined range of the APIC MMIO page; the leaked values correspond to data previously accessed by the same processor core.
You can find more technical details about the ÆPIC Leak in the research paper [PDF].