2022.1 IPU - Intel® SGX Advisory

Summary:

A potential security vulnerability in the Intel® Software Guard Extensions (SGX) Platform may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2022-0005

Description: Sensitive information accessible by physical probing of JTAG interface for some Intel® Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.

CVSS Base Score: 4.9 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N****

Affected Products:

Product Family

|

Segment

|

Processor

|

Stepping

|

CPUID

—|—|—|—|—

6th Generation Intel® Core™ Processor Family

|

Mobile

|

06_4EH

|

3

|

406E3

1. Intel® Xeon® E processor family
2. 6th Generation Intel® Core™ Processor Family

|

1. Server Workstation Embedded
2. Mobile Desktop

|

06_5EH

|

3

|

506E3

3rd Gen Intel® Xeon® Scalable processor family

|

Server

|

06_6AH

|

4, 5, 6

|

606AX

10th Generation Intel® Core™ Processor Family

|

Mobile

|

06_7EH

|

5

|

706E5

8th Generation Intel® Core™ Processor Family

7th Generation Intel® Core™ Processor Family

|

Mobile

|

06_8EH

|

9

|

806E9

8th Generation Intel® Core™ Processor Family

|

Mobile

|

06_8EH

|

A

|

806EA

8th Generation Intel® Core™ Processors

|

Mobile

|

06_8EH

|

B

|

806EB

8th Generation Intel® Core™ Processors
10th Generation Intel® Core™ Processor Family

Intel® Pentium® Gold Processor Series
Intel® Celeron® Processor 5000 Series

|

Mobile

|

06_8EH

|

C

|

806EC

1, 2. 7th Generation Intel® Core™ Processor Family
3. 8th Generation Intel® Core™ Processor Family
3. Intel® Pentium® Processor Family
4. Intel® Core™ X-series Processors
5. Intel® Xeon® E processor family

|

1. Desktop Embedded
2. Mobile Embedded
3. Mobile
4. Desktop
5. Server Workstation Embedded

|

06_9EH

|

9

|

906E9

1. 8th Generation Intel® Core™ Processor Family
2. Intel® Xeon® E processor family
3. 8th Generation Intel® Core™ Processor Family
4. 8th Generation Intel® Core™ Processor Family

|

1. Mobile
2. Workstation AMT Server
3,4. Desktop

|

06_9EH

|

A

|

906EA

8th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Series
Intel® Celeron® Processor G Series

|

Desktop

|

06_9EH

|

B

|

906EB

9th Generation Intel® Core™ Processor Family

|

Desktop

|

06_9EH

|

C

|

906EC

1, 2. 9th Generation Intel® Core™ Processor Family
3. Intel® Xeon® E processor family

|

1. Mobile
2. Desktop
3. Workstation AMT Server

|

06_9EH

|

D

|

906ED

10th Generation Intel® Core™ Processor Family
Intel® Xeon® W processor family

|

Mobile
Workstation

|

06_A5H

|

2

|

A0652

10th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Family
Intel® Celeron® Processor Family
Intel® Xeon® W processor family

|

Desktop Workstation

|

06_A5H

|

3

|

A0653

10th Generation Intel® Core™ Processor Family
Intel® Xeon® W processor family

|

Desktop Workstation

|

06_A5H

|

5

|

A0655

10th Generation Intel® Core™ Processor Family

|

Mobile

|

06_A6H

|

1

|

A0660

10th Generation Intel® Core™ Processor Family
Intel® Xeon® W processor family

|

Mobile Desktop

|

06_A6H

|

<=1

|

A0661

11th Generation Intel® Core™ Processor Family

|

Desktop

|

06_A7H

|

1

|

A0671

Recommendations:

Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues.

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode:

GitHub*: Public Github: <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files&gt;__

This CVE requires a Microcode Security Version Number (SVN) update. To address this issue, an Intel SGX TCB Recovery is planned. Details can be found here.

Refer to Intel SGX Attestation Technical Details for more information on the Intel SGX TCB recovery process.

Further TCB Recovery Guidance for developers is available.

Acknowledgements:

The following issue was found internally by Intel employees. Intel would like to thank Ilya Alexandrovich for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.