Observable discrepancy in Intel products - CVE-2021-0001
Published: June 16, 2021
Vulnerability identifier: #VU54157
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-0001
CWE-ID: CWE-203
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel SGX SDK for Windows
Intel SGX SDK for Linux
Intel Software Guard Extensions (SGX) Datacenter Attestation Primitives (DCAP)
Intel SGX PSW for Windows
Intel SGX PSW for Linux
Intel Integrated Performance Primitives
Intel SGX SDK for Windows
Intel SGX SDK for Linux
Intel Software Guard Extensions (SGX) Datacenter Attestation Primitives (DCAP)
Intel SGX PSW for Windows
Intel SGX PSW for Linux
Intel Integrated Performance Primitives
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to observable timing discrepancy. A local user can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.