Vulnerabilites related to intel - software_guard_extensions_data_center_attestation_primitives
Vulnerability from fkie_nvd
Published
2019-06-13 16:29
Modified
2024-11-21 04:16
Severity ?
Summary
Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
intel | software_guard_extensions | * | |
intel | software_guard_extensions_data_center_attestation_primitives | * | |
linux | linux_kernel | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intel:software_guard_extensions:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A627E81-B337-43A4-8A2B-51ECB2452F8D", "versionEndExcluding": "2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:intel:software_guard_extensions_data_center_attestation_primitives:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC4DB445-2F3F-4B50-AEF7-C8F778CBE66F", "versionEndExcluding": "1.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access." }, { "lang": "es", "value": "La comprobaci\u00f3n de entrada insuficiente en el controlador SGX de Intel\u00ae para Linux puede permitir a un usuario autenticado habilitar potencialmente una denegaci\u00f3n de servicio por medio del acceso local." } ], "id": "CVE-2019-0157", "lastModified": "2024-11-21T04:16:22.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-13T16:29:00.810", "references": [ { "source": "secure@intel.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108771" }, { "source": "secure@intel.com", "url": "https://support.f5.com/csp/article/K10244523" }, { "source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K10244523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-12 18:15
Modified
2024-11-21 05:39
Severity ?
Summary
Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
intel | software_guard_extensions_data_center_attestation_primitives | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intel:software_guard_extensions_data_center_attestation_primitives:*:*:*:*:*:*:*:*", "matchCriteriaId": "23715BB8-A88E-49AA-A069-3B1AECD4E8A8", "versionEndExcluding": "1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access." }, { "lang": "es", "value": "Una comprobaci\u00f3n de condiciones inapropiadas en el software Intel\u00ae SGX DCAP versiones anteriores a 1.6, puede habilitar a un usuario no autenticado para permitir potencialmente una denegaci\u00f3n de servicio por medio de un acceso adyacente" } ], "id": "CVE-2020-8766", "lastModified": "2024-11-21T05:39:24.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-12T18:15:18.423", "references": [ { "source": "secure@intel.com", "tags": [ "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2020-8766 (GCVE-0-2020-8766)
Vulnerability from cvelistv5
Published
2020-11-12 18:10
Modified
2024-08-04 10:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
Summary
Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) SGX DCAP software |
Version: before version 1.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:12:10.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) SGX DCAP software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access." } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-12T18:10:07", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2020-8766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) SGX DCAP software", "version": { "version_data": [ { "version_value": "before version 1.6" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-8766", "datePublished": "2020-11-12T18:10:07", "dateReserved": "2020-02-06T00:00:00", "dateUpdated": "2024-08-04T10:12:10.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-0157 (GCVE-0-2019-0157)
Vulnerability from cvelistv5
Published
2019-06-13 15:36
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) SGX for Linux |
Version: Intel(R) SGX Linux client driver before 2.5 and Intel(R) SGX DCAP Linux driver before 1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:44:14.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "name": "108771", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108771" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K10244523" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) SGX for Linux", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Intel(R) SGX Linux client driver before 2.5 and Intel(R) SGX DCAP Linux driver before 1.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-25T17:06:06", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "name": "108771", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108771" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K10244523" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2019-0157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) SGX for Linux", "version": { "version_data": [ { "version_value": "Intel(R) SGX Linux client driver before 2.5 and Intel(R) SGX DCAP Linux driver before 1.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "name": "108771", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108771" }, { "name": "https://support.f5.com/csp/article/K10244523", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K10244523" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-0157", "datePublished": "2019-06-13T15:36:25", "dateReserved": "2018-11-13T00:00:00", "dateUpdated": "2024-08-04T17:44:14.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }