Observable discrepancy in Intel products - CVE-2021-0001

 

Observable discrepancy in Intel products - CVE-2021-0001

Published: June 16, 2021


Vulnerability identifier: #VU54157
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-0001
CWE-ID: CWE-203
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Intel
Affected software:
Intel SGX SDK for Windows
Intel SGX SDK for Linux
Intel Software Guard Extensions (SGX) Datacenter Attestation Primitives (DCAP)
Intel SGX PSW for Windows
Intel SGX PSW for Linux
Intel Integrated Performance Primitives

Detailed vulnerability description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to observable timing discrepancy. A local user can gain unauthorized access to sensitive information on the system.


How to mitigate CVE-2021-0001

Install updates from vendor's website.

Sources