Vulnerabilites related to intel - software_guard_extensions
CVE-2023-38023 (GCVE-0-2023-38023)
Vulnerability from cvelistv5
Published
2023-12-30 00:00
Modified
2024-11-20 17:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sconedocs.github.io/release5.7/" }, { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html" }, { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2" }, { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76" }, { "tags": [ "x_transferred" ], "url": "https://sconedocs.github.io/release5.8/" }, { "tags": [ "x_transferred" ], "url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38023", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T17:41:57.720662Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T17:42:52.840Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an \"AEPIC Leak.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-30T02:31:43.828482", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sconedocs.github.io/release5.7/" }, { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html" }, { "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2" }, { "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html" }, { "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76" }, { "url": "https://sconedocs.github.io/release5.8/" }, { "url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38023", "datePublished": "2023-12-30T00:00:00", "dateReserved": "2023-07-11T00:00:00", "dateUpdated": "2024-11-20T17:42:52.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-33135 (GCVE-0-2021-33135)
Vulnerability from cvelistv5
Published
2022-05-12 16:35
Modified
2025-05-05 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
Summary
Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) SGX |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-33135", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T13:20:57.844666Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-05T16:48:09.235Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Intel(R) SGX", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T16:35:46.000Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2021-33135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) SGX", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2021-33135", "datePublished": "2022-05-12T16:35:46.000Z", "dateReserved": "2021-05-18T00:00:00.000Z", "dateUpdated": "2025-05-05T16:48:09.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-3689 (GCVE-0-2018-3689)
Vulnerability from cvelistv5
Published
2018-04-03 16:00
Modified
2024-09-17 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Intel Corporation | Guard Extensions Platform Software Component for Linux |
Version: before 2.1.102 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:50:30.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdrdv2.intel.com/v1/dl/getContent/685355" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Guard Extensions Platform Software Component for Linux", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "before 2.1.102" } ] } ], "datePublic": "2018-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-19T17:55:47", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdrdv2.intel.com/v1/dl/getContent/685355" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2018-03-16T00:00:00", "ID": "CVE-2018-3689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Guard Extensions Platform Software Component for Linux", "version": { "version_data": [ { "version_value": "before 2.1.102" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdrdv2.intel.com/v1/dl/getContent/685355", "refsource": "CONFIRM", "url": "https://cdrdv2.intel.com/v1/dl/getContent/685355" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-3689", "datePublished": "2018-04-03T16:00:00Z", "dateReserved": "2017-12-28T00:00:00", "dateUpdated": "2024-09-17T00:10:43.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-0157 (GCVE-0-2019-0157)
Vulnerability from cvelistv5
Published
2019-06-13 15:36
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) SGX for Linux |
Version: Intel(R) SGX Linux client driver before 2.5 and Intel(R) SGX DCAP Linux driver before 1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:44:14.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "name": "108771", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108771" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K10244523" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) SGX for Linux", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Intel(R) SGX Linux client driver before 2.5 and Intel(R) SGX DCAP Linux driver before 1.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-25T17:06:06", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "name": "108771", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108771" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K10244523" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2019-0157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) SGX for Linux", "version": { "version_data": [ { "version_value": "Intel(R) SGX Linux client driver before 2.5 and Intel(R) SGX DCAP Linux driver before 1.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "name": "108771", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108771" }, { "name": "https://support.f5.com/csp/article/K10244523", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K10244523" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-0157", "datePublished": "2019-06-13T15:36:25", "dateReserved": "2018-11-13T00:00:00", "dateUpdated": "2024-08-04T17:44:14.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2018-04-03 16:29
Modified
2024-11-21 04:05
Severity ?
Summary
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM.
References
▶ | URL | Tags | |
---|---|---|---|
secure@intel.com | https://cdrdv2.intel.com/v1/dl/getContent/685355 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cdrdv2.intel.com/v1/dl/getContent/685355 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
intel | software_guard_extensions | - | |
linux | linux_kernel | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intel:software_guard_extensions:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B40511C-A841-4E8F-B081-0451B20C67CA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "475FF703-319B-4646-B477-8AD1088DCCEE", "versionEndExcluding": "2.1.102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM." }, { "lang": "es", "value": "El demonio AESM en Intel Software Guard Extensions Platform Software Component para Linux, en versiones anteriores a la 2.1.102, puede ser deshabilitado por un atacante local que cree una denegaci\u00f3n de servicios (DoS) como la atestaci\u00f3n remota proporcionada por el AESM." } ], "id": "CVE-2018-3689", "lastModified": "2024-11-21T04:05:53.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-03T16:29:00.360", "references": [ { "source": "secure@intel.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://cdrdv2.intel.com/v1/dl/getContent/685355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://cdrdv2.intel.com/v1/dl/getContent/685355" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-12 17:15
Modified
2025-05-05 17:17
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.
References
▶ | URL | Tags | |
---|---|---|---|
secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html | Product, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
intel | software_guard_extensions | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intel:software_guard_extensions:*:*:*:*:*:linux:*:*", "matchCriteriaId": "B4FB1D68-2743-4F4A-8899-29626373BCA9", "versionEndIncluding": "2.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access." }, { "lang": "es", "value": "Un consumo no controlado de recursos en los controladores del kernel de Linux para Intel(R) SGX puede permitir que un usuario autenticado permita potencialmente la denegaci\u00f3n de servicio por medio del acceso local" } ], "id": "CVE-2021-33135", "lastModified": "2025-05-05T17:17:23.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2022-05-12T17:15:09.490", "references": [ { "source": "secure@intel.com", "tags": [ "Product", "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-30 03:15
Modified
2024-11-21 08:12
Severity ?
Summary
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76 | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://jovanbulck.github.io/files/oakland24-pandora.pdf | Technical Description | |
cve@mitre.org | https://sconedocs.github.io/release5.7/ | Release Notes | |
cve@mitre.org | https://sconedocs.github.io/release5.8/ | Release Notes | |
cve@mitre.org | https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2 | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76 | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jovanbulck.github.io/files/oakland24-pandora.pdf | Technical Description | |
af854a3a-2127-422b-91ae-364da2661108 | https://sconedocs.github.io/release5.7/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://sconedocs.github.io/release5.8/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2 | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html | Not Applicable, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
scontain | scone | * | |
intel | software_guard_extensions | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACF15B4C-DE86-40B0-9CE7-C9042533D45B", "versionEndExcluding": "5.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:intel:software_guard_extensions:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B40511C-A841-4E8F-B081-0451B20C67CA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an \"AEPIC Leak.\"" }, { "lang": "es", "value": "Se descubri\u00f3 un problema en SCONE Confidential Computing Platform anterior a 5.8.0 para Intel SGX. La falta de l\u00f3gica de alineaci\u00f3n de puntero en __scone_dispatch y otras funciones de entrada permite que un atacante local acceda a informaci\u00f3n no autorizada, tambi\u00e9n conocida como \"fuga AEPIC\"." } ], "id": "CVE-2023-38023", "lastModified": "2024-11-21T08:12:41.573", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-30T03:15:08.413", "references": [ { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76" }, { "source": "cve@mitre.org", "tags": [ "Technical Description" ], "url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://sconedocs.github.io/release5.7/" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://sconedocs.github.io/release5.8/" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description" ], "url": "https://jovanbulck.github.io/files/oakland24-pandora.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://sconedocs.github.io/release5.7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://sconedocs.github.io/release5.8/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-13 16:29
Modified
2024-11-21 04:16
Severity ?
Summary
Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.
References
▶ | URL | Tags | |
---|---|---|---|
secure@intel.com | http://www.securityfocus.com/bid/108771 | Third Party Advisory, VDB Entry | |
secure@intel.com | https://support.f5.com/csp/article/K10244523 | ||
secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108771 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K10244523 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
intel | software_guard_extensions | * | |
intel | software_guard_extensions_data_center_attestation_primitives | * | |
linux | linux_kernel | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intel:software_guard_extensions:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A627E81-B337-43A4-8A2B-51ECB2452F8D", "versionEndExcluding": "2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:intel:software_guard_extensions_data_center_attestation_primitives:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC4DB445-2F3F-4B50-AEF7-C8F778CBE66F", "versionEndExcluding": "1.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access." }, { "lang": "es", "value": "La comprobaci\u00f3n de entrada insuficiente en el controlador SGX de Intel\u00ae para Linux puede permitir a un usuario autenticado habilitar potencialmente una denegaci\u00f3n de servicio por medio del acceso local." } ], "id": "CVE-2019-0157", "lastModified": "2024-11-21T04:16:22.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-13T16:29:00.810", "references": [ { "source": "secure@intel.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108771" }, { "source": "secure@intel.com", "url": "https://support.f5.com/csp/article/K10244523" }, { "source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K10244523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }