Google Cloud Security and Project Zero researchers have identified ten security vulnerabilities in Intel Trust Domain Extensions (TDX) during a nine-month audit.
TDX is designed to protect virtual machines from various software, including the virtual-machine manager/hypervisor and other non-TD software on the platform, through hardware-isolated, virtual machines called trust domains.
The researchers reviewed the source code, documentation and design provided by Intel, and discovered various issues, including arbitrary code execution in a privileged security context, cryptographic weaknesses, temporary and permanent denial of service, and weaknesses in debug or deployment facilities.
The vulnerabilities identified during the audit included 81 potential attack vectors, ten confirmed security issues and five defence in-depth changes. Intel addressed nine of the discovered issues by changing the TDX code, while the tenth flaw required changes to the guide for writing a BIOS to support TDX. The vulnerabilities were internally assigned CVSS v3.1 scores by Intel but were not assigned CVE identifiers.
The most serious issue identified by researchers was the Exit Path Interrupt Hijacking, which can be triggered by attackers to achieve arbitrary code execution in the privileged ACM execution mode. The issue received a CVSS score of 9.3.
It was noted that only two of the security issues would be considered memory safety issues, and the most common class of security issues were logical bugs due to the complexity of Intel processors, including the TDX feature.
Google concludes that the review met its expected goals, ensuring significant security issues were resolved before the final release of Intel TDX. The audit has provided Google with a better understanding of how the TDX feature functions, which can be used to guide deployment.
The vulnerabilities were mitigated before the production release of the 4th generation Intel Xeon Scalable processors. The review also highlights the need for ongoing vigilance and continued monitoring of systems to identify and address security vulnerabilities.
