A potential security vulnerability in Intel® Software Guard Extensions (SGX) Software Development Kit (SDK) applications compiled for SGX2-enabled processors may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.
CVEID: CVE-2021-0186
Description: Improper input validation in Intel® SGX SDK applications compiled for SGX2-enabled processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Intel SGX SDK for Windows v2.12 and earlier.
Intel SGX SDK for Linux v2.13 and earlier.
Intel® Processors supporting SGX2:

| Code Name | Product Collection |
|---|---|
| Ice Lake Xeon-SP (HCC, XCC) | 3rd Gen Intel® Xeon® Scalable processor family |
| Ice Lake | 10th Generation Intel® Core™ Processor Family |
| Gemini Lake | Intel® Pentium® Processor Silver Series, Intel® Celeron® Processor J Series, Intel® Celeron® Processor N Series |
Intel recommends updating the Intel® SGX SDK to the versions listed below. Enclaves built with the new Intel® SGX SDK version should increment the value of their ISVSVN field.
Intel® SGX SDK for Windows to version 2.13 or later: <https://registrationcenter.intel.com/en/products/download/3407/>
Intel® SGX SDK for Linux to version 2.14 or later: <https://01.org/intel-software-guard-extensions/downloads>
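One way to enforce the ISVSVN recommendation at release time, shown as an added example that is not Intel's code: a Python check that compares the previous release's enclave configuration with the rebuilt one and reports when ISVSVN was not incremented. The element names follow the SDK's `Enclave.config.xml` layout; the sample values and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Enclave.config.xml layout read by the SDK signing tool.
OLD_CONFIG = """<EnclaveConfiguration>
  <ProdID>1</ProdID>
  <ISVSVN>3</ISVSVN>
  <DisableDebug>1</DisableDebug>
</EnclaveConfiguration>"""

# Constructed "after" config: same enclave rebuilt with the updated SDK.
NEW_CONFIG_BUMPED = OLD_CONFIG.replace("<ISVSVN>3<", "<ISVSVN>4<")

ISVSVN_MAX = 0xFFFF  # ISVSVN is a 16-bit field in the enclave signature structure


def read_ids(config_xml):
    """Return (ProdID, ISVSVN) as integers; decimal and 0x-hex are accepted."""
    root = ET.fromstring(config_xml)
    values = []
    for tag in ("ProdID", "ISVSVN"):
        node = root.find(tag)
        # Policy of this example: both fields must be written out explicitly.
        if node is None or not (node.text or "").strip():
            raise ValueError(f"missing <{tag}> in enclave configuration")
        values.append(int(node.text.strip(), 0))
    return tuple(values)


def check_isvsvn_bump(old_xml, new_xml):
    """Return a list of problems; an empty list means the bump is in place."""
    old_prod, old_svn = read_ids(old_xml)
    new_prod, new_svn = read_ids(new_xml)
    problems = []
    if new_prod != old_prod:
        problems.append(f"ProdID changed ({old_prod} -> {new_prod}); "
                        "SVNs are only comparable within one ProdID")
    if new_svn <= old_svn:
        problems.append(f"ISVSVN not incremented ({old_svn} -> {new_svn})")
    if new_svn > ISVSVN_MAX:
        problems.append(f"ISVSVN {new_svn} does not fit in 16 bits")
    return problems


if __name__ == "__main__":
    for label, new in (("bumped", NEW_CONFIG_BUMPED), ("unchanged", OLD_CONFIG)):
        print(label, check_isvsvn_bump(OLD_CONFIG, new) or "OK")
```

Attestation verifiers and sealing policies that enforce a minimum ISVSVN can then distinguish enclaves built with the updated SDK from earlier builds.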
Intel would like to thank Jinhua Cui, National University of Defense Technology and National University of Singapore, Shweta Shinde, ETH Zurich, Zhijingcheng Yu, National University of Singapore, and Prateek Saxena, National University of Singapore, for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.