Privilege escalation in Intel products - CVE-2018-18098
Published: January 15, 2019
Vulnerability identifier: #VU16991
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-18098
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Intel SGX Platform Software for Linux
Intel SGX Platform Software for Windows
Intel SGX SDK for Linux
Intel SGX SDK for Windows
Intel SGX Platform Software for Linux
Intel SGX Platform Software for Windows
Intel SGX SDK for Linux
Intel SGX SDK for Windows
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to improper file verification in install routine. A local attacker can supply a specially crafted and gain elevated privileges to conduct further attacks.
The weakness exists due to improper file verification in install routine. A local attacker can supply a specially crafted and gain elevated privileges to conduct further attacks.
How to mitigate CVE-2018-18098
Update Intel SGX for Windows to version 2.2.100.
Update Intel SGX for Linux to version 2.4.100.
Update Intel SGX for Linux to version 2.4.100.