The latest security information on Intel® products.

Announcement ID:

2024-10-08-001

Issue:

On October 8, 2024, researchers from University of Lübeck published a paper titled “TDXDown: Single-Stepping and Instruction Counting Attacks against Intel TDX”. Researchers describe what they characterize as two potential vulnerabilities in defense-in-depth features in Intel® Trust Domain Extensions (TDX); claiming that these limitations may make it easier for an attacker with full control of the Virtual Machine Manager (VMM) to exploit vulnerabilities that already exist in cryptographic software running in an Intel TDX Trust Domain (TD). 

Intel’s analysis is that the first technique described in the paper violates the intended purpose of the specific defense-in-depth feature that may allow partial information disclosure and we have updated the feature in Intel TDX module version 1.5.06. 

Researchers demonstrated exploitation of specific open source cryptographic libraries but it should be noted that these libraries contained exploitable vulnerabilities that need to be addressed by their respective maintainers. These vulnerabilities are independent of Intel TDX and may be exploitable in non-TDX environments.  

Their paper also described a second technique referred to as StumbleStepping which allows the inference of the number of instructions which have been executed by the TD. Intel does not consider this technique to be in the scope of the defense-in-depth mechanisms. There is no assigned CVE or CVSS score for the StumbleStepping issue.

Resolution/Recommendations:

This issue, with a CVSS 3.1 severity score of 2.5 (low), represents very little risk in real world environments but Intel recommends customers install TDX module 1.5.06 (or later) which contains an updated defense-in-depth mechanism to address the weakness described in the paper. Intel also recommends customers keep third party cryptographic libraries they may be using up to date. 

Additional resources:

INTEL-SA-01099

Intel TDX Documentation