Multiple vulnerabilities in Intel SGX SDK software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-26509 CVE-2022-26841 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel SGX SDK for Linux Client/Desktop applications / Other client software Intel SGX SDK for Windows Client/Desktop applications / Other client software |
| Vendor |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU72462
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26509
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper conditions check. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel SGX SDK for Linux: before 2.16.100.1
Intel SGX SDK for Windows: before 2.15.100.1
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU72463
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26841
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to insufficient control flow management. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel SGX SDK for Linux: before 2.16.100.1
Intel SGX SDK for Windows: before 2.15.100.1
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
