This is _bananas_.<p>- Unlike previous speculative execution attacks against SGX, this extracts memory "in parallel" to SGX, instead of attacking the code running in SGX directly. It always works: it doesn't require the SGX code to run and it doesn't require it to have any particular speculative execution vulnerability. This also means existing mitigations like retpolines don't work.<p>- It lets you extract the sealing key and remote attestation. That's about as bad as it gets.<p>- The second attack that fell out of this allows you to read arbitrary L1 cache memory, across kernel-userspace or even VM lines (and even reading ring -2 aka SMM).<p>If there was any doubt left that speculative execution bugs were an entire new class and not just a one-off gimmick...
AWS bulletin: <a href="https://aws.amazon.com/security/security-bulletins/AWS-2018-019/" rel="nofollow">https://aws.amazon.com/security/security-bulletins/AWS-2018-...</a><p>Amazon Linux bulletin: <a href="https://alas.aws.amazon.com/ALAS-2018-1058.html" rel="nofollow">https://alas.aws.amazon.com/ALAS-2018-1058.html</a><p>TL;DR: AWS is patched. Go update your kernel (especially if you run other people's code).