Identified in early May 2021 by academics from the Swiss Federal Institute of Technology Zurich, the National University of Singapore, the National University of Defense Technologies of China CVE-2021-0186
The vulnerability takes advantage of SGX technology in Intel processors.
S, which is the origin of the vulnerability called GX (Software Guard eXtensions) is actually a security feature that Intel introduced with its Skylake processors. It allows a variety of applications to be run in an isolated memory space, ensuring that some critical data remains safe even if the system is hacked.
The vulnerability developed by the researchers is the design benefit of SGX. “Enclave Memory Access”
It works with an unusual exploit of the structure. Thus, the critical data in the addresses that need to be secured can be accessed by the attackers.
Intel immediately addressed this issue as soon as it became aware of the vulnerability and released security patches for Windows to Linux systems with the SGX SDK versions 2.13 and 2.14. Microsoft addressed this issue in July 2021 for the Open-Enclave. The researchers are expected to present at the ACM Information Security Conference on this vulnerability.
Let’s underline that the SmashEx vulnerability is not enough to concern end users at the moment, and zafiyedollarserin has already been closed.