AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

An overview of the ÆPIC Leak vulnerability in Intel CPUs (Borrello et al., USENIX Security 2022; CVE-2022-21233): an architectural bug that returns uninitialized, stale data from the microarchitecture on a plain memory read, affects most recent Intel CPUs, and leaks register values, enclave pages, and encryption keys from SGX enclaves.

Key takeaways
  • AEPIC Leak is a newly discovered vulnerability in Intel CPUs that leaks uninitialized (stale) data from the microarchitecture architecturally: the leaked value is returned directly by a memory read, so no side channel, timing measurement, or transient execution is required.
  • The vulnerability affects most recent Intel CPUs, including 10th, 11th, and 12th generation cores.
  • The attack works without hyper-threading; with hyper-threading enabled it is stronger, because the leaking buffer is shared with the sibling thread.
  • The root cause is the design of the local APIC's MMIO register page (xAPIC mode) together with the super queue. The APIC registers are architecturally defined only at their aligned 4-byte positions; reading the page in an unaligned manner, at offsets the architecture leaves undefined, does not return zeros but stale data from the super queue.
  • The super queue is the decoupling buffer between the L1 and L2 caches. Data that recently moved between the caches remains in it, and that residue is what the unaligned APIC read returns.
  • The attack is simple to execute: a single read from the APIC MMIO page at such an offset suffices. The page is only mapped for privileged code, so the practical attacker is a malicious OS or hypervisor, which is exactly the attacker Intel SGX is designed to defend against; SGX enclaves are therefore the main target.
  • Cache line freezing is a technique for precisely targeting the cache line that holds a secret, so that its contents are what remains in the super queue when the leaking read is issued.
  • Enclave shaking is a second technique that forces enclave pages through the cache hierarchy by having SGX securely swap them out and back in, so that entire enclave pages, not just values the enclave is currently using, can be leaked without the enclave running.
  • Intel SGX aims to provide a protected execution environment for enclaves even against privileged software, but enclave data still travels through the shared cache hierarchy and its buffers, which is where AEPIC Leak captures it.
  • The attack leaks register values, enclave pages, and secret keys of cryptographic code running inside an enclave; the vulnerability is in the hardware, not in any particular software or firmware.
  • Mitigation: Intel's microcode patches flush the super queue on SGX enclave transitions, and switching the local APIC to x2APIC mode replaces the MMIO page with MSR-based access, removing the leaking interface entirely. Disabling hyper-threading alone does not stop the attack, since it works without hyper-threading.
  • The vulnerability has been publicly disclosed.
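The attack surface is the APIC MMIO register page, which only exists while the local APIC runs in xAPIC mode. As an added example (not code from the page or from the ÆPIC Leak authors), the following C program decodes the IA32_APIC_BASE MSR to report whether a Linux host exposes that page or already uses x2APIC mode. It assumes the Linux msr driver (`/dev/cpu/N/msr`, root required, `modprobe msr`); the bit positions are Intel's architectural definition of the MSR, the helper names are this example's own.

```c
/* Added example: is the local APIC in xAPIC (MMIO page) or x2APIC (MSR) mode?
 * Reads IA32_APIC_BASE via the Linux msr driver; assumes root and `modprobe msr`. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define IA32_APIC_BASE_MSR 0x1BU            /* architectural MSR address */
#define APIC_BSP_BIT       (1ULL << 8)      /* bit 8: bootstrap processor */
#define APIC_X2APIC_BIT    (1ULL << 10)     /* bit 10: x2APIC mode enable (EXTD) */
#define APIC_GLOBAL_ENABLE (1ULL << 11)     /* bit 11: APIC global enable (EN) */
#define APIC_BASE_MASK     0x000FFFFFFFFFF000ULL /* bits 12+: physical page base */

struct apic_base {
    int bsp;
    int x2apic;         /* 1: x2APIC (MSR interface), 0: xAPIC MMIO page present */
    int enabled;
    uint64_t mmio_base; /* physical address of the 4 KiB APIC page in xAPIC mode */
};

/* Decode the raw MSR value into its architecturally defined fields. */
struct apic_base decode_apic_base(uint64_t msr) {
    struct apic_base r;
    r.bsp = (msr & APIC_BSP_BIT) != 0;
    r.x2apic = (msr & APIC_X2APIC_BIT) != 0;
    r.enabled = (msr & APIC_GLOBAL_ENABLE) != 0;
    r.mmio_base = msr & APIC_BASE_MASK;
    return r;
}

/* 1 if the MMIO APIC register page is exposed (APIC enabled, not in x2APIC
 * mode). That page is the interface the AEPIC Leak read targets. */
int apic_mmio_exposed(uint64_t msr) {
    struct apic_base b = decode_apic_base(msr);
    return b.enabled && !b.x2apic;
}

/* Read IA32_APIC_BASE for one logical CPU. Returns 0 on success, -1 if the
 * msr device is unavailable (no root, msr module not loaded, not x86). */
int read_apic_base_msr(int cpu, uint64_t *out) {
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = -1;
    if (lseek(fd, IA32_APIC_BASE_MSR, SEEK_SET) == (off_t)IA32_APIC_BASE_MSR)
        n = read(fd, out, sizeof *out);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void) {
    uint64_t msr;
    if (read_apic_base_msr(0, &msr) != 0) {
        perror("reading /dev/cpu/0/msr (run as root with the msr module loaded)");
        return 1;
    }
    struct apic_base b = decode_apic_base(msr);
    printf("IA32_APIC_BASE = 0x%016llx\n", (unsigned long long)msr);
    printf("  bsp=%d enabled=%d x2apic=%d mmio_base=0x%llx\n",
           b.bsp, b.enabled, b.x2apic, (unsigned long long)b.mmio_base);
    if (apic_mmio_exposed(msr))
        puts("  xAPIC mode: APIC MMIO page mapped; this is the interface AEPIC Leak "
             "reads. Boot with x2APIC mode and apply Intel's microcode update.");
    else
        puts("  x2APIC mode (or APIC disabled): no APIC MMIO page to read.");
    return 0;
}
```

Compile with `cc -o apic_mode apic_mode.c` and run as root on each host you care about. Note that x2APIC mode removes the MMIO interface but does not by itself cover the SGX case, for which the microcode update that flushes the super queue on enclave transitions is still needed.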