Vulnerability Details : CVE-2023-37479
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability.
Products affected by CVE-2023-37479
- cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-37479
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-37479
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |
1.6
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2023-37479
-
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-37479
-
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/mxcsr-configuration-dependent-timing.html
Access DeniedTechnical Description
-
https://github.com/openenclave/openenclave/commit/ca54623333875b9beaad92c999a92b015c44b079
Security fix for AC flag poisoning and MCDT · openenclave/openenclave@ca54623 · GitHubPatch
-
https://github.com/openenclave/openenclave/security/advisories/GHSA-5gfr-m6mx-p5w4
Improper sanitization of MXCSR and RFLAGS · Advisory · openenclave/openenclave · GitHubVendor Advisory
Jump to