Main Vulnerability Database Vulnerabilities #VU25898

Information disclosure in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2020-0551

Published: March 10, 2020

Vulnerability identifier: #VU25898

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-0551

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Intel

Affected software:
Intel SGX SDK for Windows
Intel SGX SDK for Linux

Detailed vulnerability description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

How to mitigate CVE-2020-0551

Install updates from vendor's website.

The list of affected processor families is available here:

https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model

Sources

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

Information disclosure in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2020-0551

Detailed vulnerability description

How to mitigate CVE-2020-0551

Sources

Please verify you're human