11 matches found
CVE-2022-21123
CVE-2022-21123 stems from incomplete cleanup of multi-core shared buffers on some Intel processors, enabling potential information disclosure via local access by an authenticated user. The linked Astra Linux advisory and multiple Linux kernel advisories corroborate the issue and its local impact....
CVE-2022-21125
Public documentation in the provided sources does not disclose detailed technical information (affected products, root cause, or fixes) for CVE-2022-21125 beyond the general description. Monitor for updates from vendors and advisories.
CVE-2022-21166
CVE-2022-21166 is described in connected Astra Linux bulletin as an issue in incomplete cleanup in specific special register write operations for some Intel processors, potentially allowing an authenticated local user to disclose information. The description mirrors the vulnerability text in the ...
CVE-2022-21127
CVE-2022-21127 involves incomplete cleanup in specific Intel processor special register read operations, potentially enabling information disclosure to an authenticated local user. The vulnerability is associated with Intel microcode issues and has been referenced in multiple advisories (e.g., De...
CVE-2021-0001
CVE-2021-0001 concerns an observable timing discrepancy in Intel IPP prior to 2020 update 1 that may allow an authorized user to disclose information via local access. The Red Hat/NVD/OSV/NCSC entries confirm IPP and SGX involvement. Intel’s advisory (Intel-SA-00477) states mitigations: update IP...
CVE-2021-0186
CVE-2021-0186 involves an improper input validation in Intel\u00ae SGX SDK applications compiled for SGX2-enabled processors that could allow local privilege escalation. The Intel advisory (INTEL-SA-00548) confirms affected products: Intel SGX SDK for Windows <= v2.12 and Linux
CVE-2018-3626
The CVE-2018-3626 entry concerns the Edger8r tool in Intel SGX SDK before 2.1.2 (Linux) and 1.9.6 (Windows). The vulnerability stems from Edger8r generating code that enables a side-channel, potentially allowing a local attacker to access unauthorized information within enclaves. Affected product...
CVE-2022-27499
CVE-2022-27499 : The Intel® SGX SDK contained a premature release of a resource during its expected lifetime, which may enable information disclosure via local access. The issue affects the Intel SGX SDK software for Linux prior to 2.18.100.1 and for Windows prior to 2.17.100.1. The underlying ca...
CVE-2018-18098
CVE-2018-18098 affects Intel SGX SDK and Intel SGX Platform Software for Windows prior to version 2.2.100. Root cause is improper file verification in the installer, enabling local privilege escalation. Intel’s advisory (INTEL-SA-00203) confirms the CVSS3.0 base score of 7.5 (LOCAL, Privileges Re...
CVE-2022-26841
CVE-2022-26841 affects Intel® SGX SDK for Linux prior to version 2.16.100.1. The issue is insufficient control flow management which may allow an authenticated local user to disclose information. Intel advisory INTEL-SA-00677 confirms the vulnerability and recommends updating to Linux SDK 2.16.10...
CVE-2022-26509
CVE-2022-26509 concerns the Intel SGX SDK. Red Hat and other sources reiterate the same issue: an improper conditions check may allow a privileged user to disclose information via local access. Intel’s advisory (INTEL-SA-00677) specifies affected products and versions: SGX SDK for Linux prior to ...