Intel® SGX Platform Advisory

Summary:

A potential security vulnerability in the Intel® Software Guard Extensions (SGX) may allow information disclosure.** **Intel released firmware updates to mitigate this potential

Vulnerability Details:

CVEID: CVE-2020-24491

Description: Debug message containing addresses of memory transactions in some Intel® 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 4.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Affected Products:

Some 10th Generation Intel® Core™ Processors:

• Intel® Core™ Processor i7-1060G7, i7-1065G7
• Intel® Core™ Processor i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7
• Intel® Core™ Processor i3-1000G1, i3-1000G4, i3-1005G1

Recommendations:

Intel recommends that users of Intel server products listed above update to the latest firmware version provided by the system manufacturer that addresses these issues.

Microcode updates for Linux users are available here:

<https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files&gt;

Acknowledgements:

This issue was found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.