Main Vulnerability Database Vulnerabilities #VU25898

#VU25898 Information disclosure in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2020-0551

Published: March 10, 2020

Vulnerability identifier: #VU25898

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-0551

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Intel SGX SDK for Windows
Intel SGX SDK for Linux

Software vendor:
Intel

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Remediation

Install updates from vendor's website.

The list of affected processor families is available here:

https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

#VU25898 Information disclosure in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2020-0551

Description

Remediation

External links

Please verify you're human