Sgx Sdk
CVE-2018-3626
MEDIUM
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.
AnalysisAI
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized. Rated medium severity (CVSS 4.7). No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information. Affected products include: Intel Sgx Sdk. Version information: version 2.1.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileg
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to pot
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentia
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enab
Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to p
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today