Observable discrepancy in Intel products - CVE-2021-0001
Published: June 16, 2021
Vulnerability identifier: #VU54157
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-0001
CWE-ID: CWE-203
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Intel SGX SDK for Windows
Intel SGX SDK for Linux
Intel Software Guard Extensions (SGX) Datacenter Attestation Primitives (DCAP)
Intel SGX PSW for Windows
Intel SGX PSW for Linux
Intel Integrated Performance Primitives
Intel SGX SDK for Windows
Intel SGX SDK for Linux
Intel Software Guard Extensions (SGX) Datacenter Attestation Primitives (DCAP)
Intel SGX PSW for Windows
Intel SGX PSW for Linux
Intel Integrated Performance Primitives
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to observable timing discrepancy. A local user can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2021-0001
Install updates from vendor's website.