Vendor response
We reported this issue to Intel and a CVE number (CVE-2022-27499) has been assigned.
We reported this issue to Intel and a CVE number (CVE-2022-27499) has been assigned.
Here are screenshots of the confirmation by Inte PSIRT and the corresponding Product Team. Intel has released a new version of SGX SDK (2.18) to mitigate this issue.
Here are screenshots of the confirmation by Inte PSIRT and the corresponding Product Team. Intel has released a new version of SGX SDK (2.18) to mitigate this issue.
Patch
Intel has released a patch to allow users to use a larger cache size, which leads to a reduced frequency of cache eviction and, thus, fewer transient snapshot generations. It is understandable that Intel adopts a strategy requiring minimal engineering effort.
Unfortunately, this approach is not ideal, as it only reduces the occurrence of transient snapshots without eliminating them entirely.