Critical Relay Attack Found in Attestation TLS Protocol: Both Intel TDX and AMD SEV-SNP Affected
Summary
Key Takeaways
A team from TU Dresden, led by Muhammad Usama Sardar, discovered a severe architectural flaw in the widely used attestation TLS protocol after two years of formal verification work. The vulnerability, CVE-2026-33697 with a CVSS score of 7.5, affects both Intel TDX and AMD SEV-SNP hardware TEE platforms, and its score surpasses recent high-profile CVEs such as BadRAM (5.3) and Fabricked (5.9).
The root cause is that the protocol verifies software integrity but not the server's location and identity. An attacker who obtains the TLS ephemeral private key, via physical access or a side-channel attack, can exploit this: because the attestation evidence is bound to the ephemeral key rather than to the TLS channel itself, the entire session can be relayed, so the client believes it is talking to the attested TEE when it is in fact communicating with a compromised machine.
Affected sectors include finance, AI, and government, all of which rely on hardware TEEs for compliance. The Confidential Computing Consortium (CCC) Attestation SIG rated it the highest among recent vulnerability clusters. No official patch exists; mitigations include traffic monitoring scripts and migration to SGX clusters.
Why It Matters
This vulnerability strikes at the core trust foundation of confidential computing: remote attestation. Both Intel and AMD have marketed hardware TEEs as offering verifiable security over software TEEs. This flaw completely undermines that trust at the protocol layer.
It is a control plane shift attack: control moves from the hardware enclave's integrity verification to an attacker-controlled network session. The root cause is a fundamental design flaw: the attestation evidence is only loosely bound to the TLS channel, so the protocol does not account for session hijacking after the ephemeral key is compromised. This is not a simple bug but a flaw in the protocol's paradigm.
The vulnerability affects both platforms at once, so no single vendor can fix it alone. The recommendation to migrate to SGX clusters is a tacit admission that TDX and SEV-SNP are unreliable under current protocols, locking users back into Intel's legacy ecosystem.
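The binding problem described in the summary and again above, modelled as an added example (not code from the TU Dresden team, the CCC, or any TEE vendor): a relying party that binds evidence to the server's ephemeral public key accepts the same evidence over a second handshake that reuses that key, whereas binding to a per-session TLS exporter value does not. The HMAC "signature", the measurement, the key names and the simplified handshake are all constructed stand-ins.

```python
"""Toy model of attestation-evidence binding; every value is constructed."""
import hashlib
import hmac
import os

# Constructed stand-ins: an HMAC key replaces the TEE's hardware signing key,
# and the measurement is just a hash of a placeholder workload image.
TEE_KEY = b"constructed-tee-attestation-key"
GOOD_MEASUREMENT = hashlib.sha256(b"constructed-workload-image").digest()


def tee_evidence(measurement: bytes, binding: bytes) -> bytes:
    """Evidence the TEE emits: a MAC over measurement || binding data."""
    return hmac.new(TEE_KEY, measurement + binding, hashlib.sha256).digest()


def verify(evidence: bytes, binding: bytes) -> bool:
    """Relying party: evidence must cover the expected measurement AND the
    binding value the verifier derives from its own session."""
    expected = tee_evidence(GOOD_MEASUREMENT, binding)
    return hmac.compare_digest(evidence, expected)


def handshake(server_ephemeral_pub: bytes) -> dict:
    """Simplified TLS session. The exporter mixes both parties' fresh randoms
    with the key share, so it changes on every handshake even when the same
    ephemeral key is reused; the ephemeral public key alone does not."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    exporter = hashlib.sha256(
        b"EXPORTER-attestation" + client_random + server_random
        + server_ephemeral_pub
    ).digest()
    return {"ephemeral_pub": server_ephemeral_pub, "exporter": exporter}


def accepted_on_second_session(bind_to: str) -> bool:
    """True if a verifier accepts evidence issued for one session when it is
    presented over a second session that reuses the same ephemeral key.
    bind_to is "ephemeral_pub" (the scheme the text criticises) or
    "exporter" (channel binding)."""
    eph_pub = hashlib.sha256(b"constructed-ephemeral-public-key").digest()
    original = handshake(eph_pub)  # session the genuine TEE attested
    second = handshake(eph_pub)    # a different session, same key material
    evidence = tee_evidence(GOOD_MEASUREMENT, original[bind_to])
    return verify(evidence, second[bind_to])
```

A verifier that derives the binding from its own handshake (the "exporter" case) rejects evidence minted for any other session, which is the check the text says the current protocol lacks.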
PRO Decision
[Vendors (Competitors like NVIDIA, ARM, RISC-V)] Immediately weaponize this vulnerability to attack the trust foundation of Intel TDX and AMD SEV-SNP. Emphasize that your TEE solutions incorporate channel binding and session integrity from the design phase. Jointly push for new attestation TLS standards within CCC and IETF, framing existing deployments as obsolete and insecure.
[Enterprises (CIOs & Architects)] Initiate a zero-trust audit: re-evaluate all confidential computing workloads relying on Intel TDX and AMD SEV-SNP. Ban deployment of high-sensitivity data (e.g., core financial transactions, AI model inference) until official patches or protocol upgrades are available. Consider SGX as a temporary workaround but evaluate its performance overhead and single-vendor lock-in risk. Demand cloud providers disclose their attestation protocol implementation details and provide independent audit reports.
[Investors] This is a major industry signal exposing the fragility of the confidential computing ecosystem at the protocol layer. Short-term, be bearish on Intel and AMD TEE revenue expectations due to potential deployment delays. Long-term, look for startups offering protocol-level security innovation and vendors integrating quantum-safe and zero-trust principles. Be bullish on NVIDIA and ARM, whose newer TEE designs can adopt more robust protocols.