Sgx Sdk
CVE-2021-0186
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access.
AnalysisAI
Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access. Affected products include: Intel Sgx Sdk, Intel Xeon Gold 6342 Firmware, Intel Xeon Gold 6346 Firmware, Intel Xeon Gold 6330 Firmware, Intel Xeon Platinum 8360Y Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to pot
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentia
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enab
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible
Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to p
Same weakness CWE-20 – Improper Input Validation
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today