A potential security vulnerability in Intel® Software Guard Extensions (SGX) enabled processors with Intel® Processor Graphics may allow information disclosure.** **Intel is releasing software and firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2019-0117
Description: Insufficient access control in protected memory subsystem for Intel® SGX for 6th, 7th, 8th, 9th Generation Intel® Core™ Processor Families; Intel® Xeon® Processor E3-1500 v5, v6 Families; Intel® Xeon® E-2100 & E-2200 Processor Families with Intel® Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Intel recommends following the steps below to address these issues:
Impacted system users:
Application Providers:
The status of available microcode can be found here.
Windows* developers can find latest SGX SDK at <https://registrationcenter.intel.com/en/forms/?productid=2614>
Linux developers can find latest SGX SDK at <https://01.org/intel-software-guard-extensions/downloads>
This issue was found internally by Intel. Intel would like to thank Artem Shishkin, Edgar Barbosa, Gabriel Negreira Barbosa, Gustavo de Castro Scotti, Jeffrey S Frizzell, Kekai Hu, Rodrigo Axel Monroy, Willem Pinckaers
, and Rodrigo Rubira Branco (BSDaemon).
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.