Gramine Interface Vulnerability Leading to Denial-of-Service
Vulnerability
A vulnerability in Gramine prior to commit a390e33e16ed374a40de2344562a937f289be2e1 allows for a denial-of-service condition due to improper handling of software signals and hardware exceptions. The issue arises in the PAL/Linux-SGX component, where the exception handler fails to verify that untrusted software signals correspond to trusted hardware exceptions. This oversight can result in the application receiving injected signals that do not accurately reflect the enclave's state, potentially causing the application to mismanage real memory faults.
Impact
Exploitation of this vulnerability can lead to a denial-of-service condition, where the application becomes unresponsive due to improper handling of memory faults.
Reproduction
The vulnerability can be reproduced by running a Gramine application in an Intel SGX environment. The application must be configured to use the SGX EXINFO feature, which forces the CPU to report benign page faults to the SGX enclave. When a benign page fault occurs, Gramine should ignore it. However, if the host injects a PAL_EVENT_MEMFAULT signal in response to a benign page fault, Gramine will mistakenly treat it as a real memory fault that needs to be addressed. This misinterpretation can cause the application to get stuck, waiting for a response to the perceived memory fault, thereby creating a denial-of-service condition.
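The following is an added C example, not code from Gramine or from this advisory, that models the missing check from the defender's side: an untrusted, host-supplied event (here the advisory's PAL_EVENT_MEMFAULT) is only acted on when a trusted, CPU-written exception record (the SGX EXINFO data) confirms that a page fault really happened, and a confirmed but benign page fault is ignored rather than surfaced to the application. The `struct trusted_exinfo` layout, the `handle_event_*` functions, the lazily-committed address range used to classify a fault as benign, and all sample values are hypothetical assumptions made for illustration; the real Gramine handler and SSA layout differ.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the untrusted event kind the host passes into the enclave on entry.
 * PAL_EVENT_MEMFAULT is the name used in the advisory; everything else in this
 * file is a hypothetical model, not Gramine's code. */
enum pal_event {
    PAL_EVENT_NONE = 0,
    PAL_EVENT_MEMFAULT = 1,
};

#define X86_VECTOR_PF 14 /* x86 page-fault exception vector */

/* Model of the trusted exception record the CPU writes inside the enclave when
 * the SGX EXINFO feature is enabled. The host cannot forge this record. */
struct trusted_exinfo {
    bool valid;          /* a hardware exception really occurred in the last enclave run */
    uint8_t vector;      /* exception vector recorded by the CPU */
    uint64_t fault_addr; /* faulting address recorded by the CPU */
};

enum handler_result {
    RESULT_IGNORE,          /* nothing to deliver, just resume the enclave */
    RESULT_HANDLE_MEMFAULT, /* deliver a real memory fault to the application */
    RESULT_REJECT_INJECTED, /* host claim has no matching hardware exception: drop it */
};

/* Hypothetical lazily-committed region: a page fault here is benign (the host
 * resolves it and the enclave is resumed) and must not reach the application. */
#define LAZY_REGION_START 0x10000000ULL
#define LAZY_REGION_END   0x20000000ULL

static bool fault_is_benign(uint64_t addr) {
    return addr >= LAZY_REGION_START && addr < LAZY_REGION_END;
}

/* Helper to build a (constructed) trusted exception record for the scenarios below. */
struct trusted_exinfo make_exinfo(bool valid, uint8_t vector, uint64_t fault_addr) {
    struct trusted_exinfo e = { valid, vector, fault_addr };
    return e;
}

/* Vulnerable pattern: the host-supplied event is trusted as-is, so an injected
 * PAL_EVENT_MEMFAULT is delivered even when the CPU recorded no fault at all,
 * or recorded only a benign one. */
enum handler_result handle_event_vulnerable(enum pal_event host_event,
                                            struct trusted_exinfo exinfo) {
    (void)exinfo; /* the trusted record is never consulted */
    if (host_event == PAL_EVENT_MEMFAULT)
        return RESULT_HANDLE_MEMFAULT;
    return RESULT_IGNORE;
}

/* Hardened pattern: the untrusted event only says what the host claims; the
 * trusted record decides what actually happened. */
enum handler_result handle_event_hardened(enum pal_event host_event,
                                          struct trusted_exinfo exinfo) {
    if (host_event != PAL_EVENT_MEMFAULT)
        return RESULT_IGNORE;
    /* A claimed memory fault must be backed by a CPU-recorded #PF. */
    if (!exinfo.valid || exinfo.vector != X86_VECTOR_PF)
        return RESULT_REJECT_INJECTED;
    /* Genuine #PF, but benign: resume without telling the application. */
    if (fault_is_benign(exinfo.fault_addr))
        return RESULT_IGNORE;
    return RESULT_HANDLE_MEMFAULT;
}

static const char *result_name(enum handler_result r) {
    switch (r) {
    case RESULT_IGNORE:          return "ignore";
    case RESULT_HANDLE_MEMFAULT: return "deliver memfault";
    default:                     return "reject injected event";
    }
}

int main(void) {
    /* Constructed scenarios: no hardware exception, a real #PF, a benign #PF. */
    struct trusted_exinfo none      = make_exinfo(false, 0, 0);
    struct trusted_exinfo real_pf   = make_exinfo(true, X86_VECTOR_PF, 0x7f0000001000ULL);
    struct trusted_exinfo benign_pf = make_exinfo(true, X86_VECTOR_PF, 0x10001000ULL);

    printf("injected memfault, no exception : vulnerable=%s hardened=%s\n",
           result_name(handle_event_vulnerable(PAL_EVENT_MEMFAULT, none)),
           result_name(handle_event_hardened(PAL_EVENT_MEMFAULT, none)));
    printf("memfault on benign #PF          : vulnerable=%s hardened=%s\n",
           result_name(handle_event_vulnerable(PAL_EVENT_MEMFAULT, benign_pf)),
           result_name(handle_event_hardened(PAL_EVENT_MEMFAULT, benign_pf)));
    printf("memfault on real #PF            : vulnerable=%s hardened=%s\n",
           result_name(handle_event_vulnerable(PAL_EVENT_MEMFAULT, real_pf)),
           result_name(handle_event_hardened(PAL_EVENT_MEMFAULT, real_pf)));
    return 0;
}
```

The two cases the advisory describes are the first two rows: with no trusted record, or with a benign fault, the vulnerable handler still delivers a memory fault to the application, which then waits on a fault that never needs servicing; the hardened handler drops the unbacked claim and resumes past the benign one. Only a #PF the CPU actually recorded outside the benign range reaches the application in both versions.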
Remediation
Users can update to the latest version of Gramine, which includes a commit that addresses this vulnerability by enhancing the verification process of software signals against hardware exceptions. Instructions for updating Gramine can be found in the project's official documentation.
