Main Vulnerability Database Vulnerabilities #VU57596

#VU57596 Permissions, Privileges, and Access Controls in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2021-0186

Published: October 21, 2021

Vulnerability identifier: #VU57596

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-0186

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Intel SGX SDK for Windows
Intel SGX SDK for Linux

Software vendor:
Intel

Description

The vulnerability allows a local administrator to escalate privileges on the system.

The vulnerability exists due to improper input validation in the Intel SGX SDK applications compiled for SGX2 enabled processors, which leads to security restrictions bypass and privilege escalation.

This vulnerability affects the following Intel Processors supporting SGX2:

Ice Lake Xeon-SP (HCC, XCC) - 3rd Gen Intel® Xeon® Scalable processor famil

Ice Lake - 10th Generation Intel® Core™ Processor Famil

Gemini Lake - Intel® Pentium® Processor Silver Series, Intel® Celeron® Processor J Series, Intel® Celeron® Processor N Serie

Remediation

Install updates from vendor's website.

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00548.html

#VU57596 Permissions, Privileges, and Access Controls in Intel SGX SDK for Windows and Intel SGX SDK for Linux - CVE-2021-0186

Description

Remediation

External links

Please verify you're human