Lucene search

PRIOn knowledge basePRION:CVE-2023-38022

HistoryDec 30, 2023 - 3:15 a.m.

Null pointer dereference

2023-12-3003:15:00

PRIOn knowledge base

www.prio-n.com

fortanix enclaveos

ccm platform

3.29 version

intel sgx

vulnerability

insufficient pointer validation

unauthorized information access

strlen

sgx_is_within_user

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.

CPENameOperatorVersion
confidential_computing_managerlt3.29

CPE	Name	Operator	Version
	confidential_computing_manager	lt	3.29

References

jovanbulck.github.io/files/ccs19-tale.pdf

jovanbulck.github.io/files/oakland24-pandora.pdf