Main Vulnerability Database Exploits ID:336 - Exploit for Information disclosure in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2020-0551

ID:336 - Exploit for Information disclosure in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2020-0551

Published: March 18, 2020

Vulnerability identifier: #VU25898

Vulnerability risk: Low

CVE-ID: CVE-2020-0551

CWE-ID: CWE-200

Exploitation vector: Local access

Vulnerable software:
Intel SGX SDK for Windows
Intel SGX SDK for Linux

Link to public exploit:

https://github.com/bitdefender/lvi-lfb-attack-poc

Vulnerability description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Remediation

Install updates from vendor's website.

The list of affected processor families is available here:

https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model

ID:336 - Exploit for Information disclosure in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2020-0551

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human