A potential security vulnerability in the Intel® Software Guard Extensions (SGX) Platform may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2022-0005
Description: Sensitive information accessible by physical probing of JTAG interface for some Intel® Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
CVSS Base Score: 4.9 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
| Product Family | Segment | Processor | Stepping | CPUID |
|---|---|---|---|---|
| 6th Generation Intel® Core™ Processor Family | Mobile | 06_4EH | 3 | 406E3 |
| 1. Intel® Xeon® E processor family<br>2. 6th Generation Intel® Core™ Processor Family | 1. Server Workstation Embedded<br>2. Mobile Desktop | 06_5EH | 3 | 506E3 |
| 3rd Gen Intel® Xeon® Scalable processor family | Server | 06_6AH | 4, 5, 6 | 606AX |
| 10th Generation Intel® Core™ Processor Family | Mobile | 06_7EH | 5 | 706E5 |
| 8th Generation Intel® Core™ Processor Family<br>7th Generation Intel® Core™ Processor Family | Mobile | 06_8EH | 9 | 806E9 |
| 8th Generation Intel® Core™ Processor Family | Mobile | 06_8EH | A | 806EA |
| 8th Generation Intel® Core™ Processors | Mobile | 06_8EH | B | 806EB |
| 8th Generation Intel® Core™ Processors<br>10th Generation Intel® Core™ Processor Family<br>Intel® Pentium® Gold Processor Series<br>Intel® Celeron® Processor 5000 Series | Mobile | 06_8EH | C | 806EC |
| 1, 2. 7th Generation Intel® Core™ Processor Family<br>3. 8th Generation Intel® Core™ Processor Family<br>3. Intel® Pentium® Processor Family<br>4. Intel® Core™ X-series Processors<br>5. Intel® Xeon® E processor family | 1. Desktop Embedded<br>2. Mobile Embedded<br>3. Mobile<br>4. Desktop<br>5. Server Workstation Embedded | 06_9EH | 9 | 906E9 |
| 1. 8th Generation Intel® Core™ Processor Family<br>2. Intel® Xeon® E processor family<br>3. 8th Generation Intel® Core™ Processor Family<br>4. 8th Generation Intel® Core™ Processor Family | 1. Mobile<br>2. Workstation AMT Server<br>3, 4. Desktop | 06_9EH | A | 906EA |
| 8th Generation Intel® Core™ Processor Family<br>Intel® Pentium® Gold Processor Series<br>Intel® Celeron® Processor G Series | Desktop | 06_9EH | B | 906EB |
| 9th Generation Intel® Core™ Processor Family | Desktop | 06_9EH | C | 906EC |
| 1, 2. 9th Generation Intel® Core™ Processor Family<br>3. Intel® Xeon® E processor family | 1. Mobile<br>2. Desktop<br>3. Workstation AMT Server | 06_9EH | D | 906ED |
| 10th Generation Intel® Core™ Processor Family<br>Intel® Xeon® W processor family | Mobile<br>Workstation | 06_A5H | 2 | A0652 |
| 10th Generation Intel® Core™ Processor Family<br>Intel® Pentium® Gold Processor Family<br>Intel® Celeron® Processor Family<br>Intel® Xeon® W processor family | Desktop Workstation | 06_A5H | 3 | A0653 |
| 10th Generation Intel® Core™ Processor Family<br>Intel® Xeon® W processor family | Desktop Workstation | 06_A5H | 5 | A0655 |
| 10th Generation Intel® Core™ Processor Family | Mobile | 06_A6H | 1 | A0660 |
| 10th Generation Intel® Core™ Processor Family<br>Intel® Xeon® W processor family | Mobile Desktop | 06_A6H | <=1 | A0661 |
| 11th Generation Intel® Core™ Processor Family | Desktop | 06_A7H | 1 | A0671 |
Intel recommends that users of affected Intel® Processors update to the latest firmware version provided by the system manufacturer that addresses these issues.
Intel has released microcode updates for the currently supported affected Intel® Processors on the public GitHub repository. See below for details on accessing the microcode:
GitHub*: Public Github: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
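To decide whether a fleet host is one of the parts listed in the table above, the CPUID signature (e.g. 806E9) has to be rebuilt from the decimal family/model/stepping values that Linux exposes in /proc/cpuinfo. The following script is an added example, not Intel's tooling: it transcribes the advisory's model/stepping pairs, reconstructs the signature, and flags each processor block; the sample cpuinfo text is constructed. It reports only whether the part is listed, since the advisory gives no minimum microcode revision to compare against.

```python
import re

# Affected steppings per family-6 model, transcribed from the advisory table
# above. Model 06_A6H is listed as stepping "1" (A0660) and "<=1" (A0661),
# so steppings 0 and 1 are both included.
AFFECTED_STEPPINGS = {
    0x4E: {0x3}, 0x5E: {0x3}, 0x6A: {0x4, 0x5, 0x6}, 0x7E: {0x5},
    0x8E: {0x9, 0xA, 0xB, 0xC}, 0x9E: {0x9, 0xA, 0xB, 0xC, 0xD},
    0xA5: {0x2, 0x3, 0x5}, 0xA6: {0x0, 0x1}, 0xA7: {0x1},
}

def cpuid_signature(family: int, model: int, stepping: int) -> str:
    """Rebuild the CPUID leaf 1 EAX signature (e.g. 806E9) from the display
    family/model/stepping values that /proc/cpuinfo reports in decimal."""
    ext_family = family - 0xF if family >= 0xF else 0
    base_family = min(family, 0xF)
    ext_model, base_model = model >> 4, model & 0xF
    sig = ((ext_family << 20) | (ext_model << 16) | (base_family << 8)
           | (base_model << 4) | stepping)
    return f"{sig:05X}"

def is_affected(family: int, model: int, stepping: int) -> bool:
    """True if the part appears in the advisory's affected-products table."""
    return family == 6 and stepping in AFFECTED_STEPPINGS.get(model, set())

def check_cpuinfo(text: str) -> list[tuple[str, bool]]:
    """Return (signature, affected) for every 'processor' block in the text."""
    results = []
    for block in text.strip().split("\n\n"):
        fields = dict(re.findall(r"^([^:\n]+?)\s*:\s*(.*)$", block, re.M))
        try:
            fms = (int(fields["cpu family"]), int(fields["model"]),
                   int(fields["stepping"]))
        except (KeyError, ValueError):
            continue  # non-x86 or truncated block: nothing to classify
        results.append((cpuid_signature(*fms), is_affected(*fms)))
    return results

# Constructed sample in /proc/cpuinfo layout (model 142 = 0x8E, stepping 10 = 0xA).
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    "model\t\t: 142\nmodel name\t: (constructed sample)\nstepping\t: 10\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    "model\t\t: 142\nmodel name\t: (constructed sample)\nstepping\t: 10\n"
)

if __name__ == "__main__":
    for sig, hit in check_cpuinfo(SAMPLE_CPUINFO):
        print(sig, "listed in CVE-2022-0005 table" if hit else "not listed")
```

On a real host, pass `open("/proc/cpuinfo").read()` to `check_cpuinfo` instead of the sample.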
This CVE requires a Microcode Security Version Number (SVN) update. To address this issue, an Intel SGX TCB Recovery is planned. Details can be found here.
Refer to Intel SGX Attestation Technical Details for more information on the Intel SGX TCB recovery process.
Further TCB Recovery Guidance for developers is available.
The following issue was found internally by Intel employees. Intel would like to thank Ilya Alexandrovich for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.