Sgx Sdk
CVE-2022-27499
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.
AnalysisAI
Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-672. Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. Affected products include: Intel Sgx Sdk.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileg
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to pot
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentia
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enab
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today