Software Guard Extensions Sdk
CVE-2019-0122
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.
AnalysisAI
Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-415. Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. Affected products include: Intel Software Guard Extensions Sdk. Version information: version 2.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable
Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to
Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.5
Same weakness CWE-415 – Double Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today