Vulnerabilites related to intel - software_guard_extensions_sdk
cve-2019-14566
Vulnerability from cvelistv5
Published
2019-11-14 16:46
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html | x_refsource_MISC | |
| https://support.f5.com/csp/article/K57201259?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel | 2019.2 IPU – Intel(R) SGX |
Version: See provided reference |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) SGX",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Denial of Service, Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T07:06:57",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-14566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) SGX",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"name": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-14566",
"datePublished": "2019-11-14T16:46:00",
"dateReserved": "2019-08-03T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14565
Vulnerability from cvelistv5
Published
2019-11-14 16:47
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html | x_refsource_MISC | |
| https://support.f5.com/csp/article/K57201259?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel | 2019.2 IPU – Intel(R) SGX |
Version: See provided reference |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) SGX",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Denial of Service, Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T07:06:57",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-14565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) SGX",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"name": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-14565",
"datePublished": "2019-11-14T16:47:32",
"dateReserved": "2019-08-03T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0122
Vulnerability from cvelistv5
Published
2019-03-14 20:00
Modified
2024-09-16 18:49
Severity ?
EPSS score ?
Summary
Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Intel(R) Software Guard Extensions SDK |
Version: Multiple versions. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) Software Guard Extensions SDK",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "Multiple versions."
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service, Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-14T19:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2019-0122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Software Guard Extensions SDK",
"version": {
"version_data": [
{
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0122",
"datePublished": "2019-03-14T20:00:00Z",
"dateReserved": "2018-11-13T00:00:00",
"dateUpdated": "2024-09-16T18:49:09.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0561
Vulnerability from cvelistv5
Published
2020-02-13 18:21
Modified
2024-08-04 06:02
Severity ?
EPSS score ?
Summary
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) SGX SDK |
Version: before v2.6.100.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:02:52.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html"
},
{
"name": "openSUSE-SU-2020:0604",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html"
},
{
"name": "openSUSE-SU-2020:0615",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) SGX SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before v2.6.100.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T14:06:03",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html"
},
{
"name": "openSUSE-SU-2020:0604",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html"
},
{
"name": "openSUSE-SU-2020:0615",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2020-0561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) SGX SDK",
"version": {
"version_data": [
{
"version_value": "before v2.6.100.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html"
},
{
"name": "openSUSE-SU-2020:0604",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html"
},
{
"name": "openSUSE-SU-2020:0615",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2020-0561",
"datePublished": "2020-02-13T18:21:11",
"dateReserved": "2019-10-28T00:00:00",
"dateUpdated": "2024-08-04T06:02:52.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-02-13 19:15
Modified
2024-11-21 04:53
Severity ?
Summary
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@intel.com | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html | Mailing List, Third Party Advisory | |
| secure@intel.com | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html | Mailing List, Third Party Advisory | |
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | software_guard_extensions_sdk | * | |
| microsoft | windows | - | |
| intel | software_guard_extensions_sdk | * | |
| linux | linux_kernel | - | |
| opensuse | backports | sle-15 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB8EADB-E24B-444F-9D97-2EF45326233E",
"versionEndExcluding": "2.6.100.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60DE7C7E-F1EF-4F5C-A6D1-4C852E7279B1",
"versionEndExcluding": "2.8.100.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Una inicializaci\u00f3n inapropiada en el SDK Intel\u00ae SGX versiones anteriores a v2.6.100.1, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local."
}
],
"id": "CVE-2020-0561",
"lastModified": "2024-11-21T04:53:45.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-13T19:15:13.880",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00336.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 17:15
Modified
2024-11-21 04:26
Severity ?
Summary
Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | software_guard_extensions_sdk | 2.3.100.49777 | |
| intel | software_guard_extensions_sdk | 2.3.101.50222 | |
| intel | software_guard_extensions_sdk | 2.4.100.51291 | |
| microsoft | windows | - | |
| intel | software_guard_extensions_sdk | 2.2.100.45311 | |
| intel | software_guard_extensions_sdk | 2.3.100.46354 | |
| intel | software_guard_extensions_sdk | 2.4.100.48163 | |
| intel | software_guard_extensions_sdk | 2.5.100.49891 | |
| intel | software_guard_extensions_sdk | 2.6.100.51363 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.49777:*:*:*:*:*:*:*",
"matchCriteriaId": "0937BA08-E9BD-4903-AC84-4B46F3200F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.101.50222:*:*:*:*:*:*:*",
"matchCriteriaId": "6578D9CF-A3AF-46D2-B3A4-BC1D3DB30D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.51291:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2170C4-97DE-472C-9855-12E388999DC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.2.100.45311:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB426EB-41DA-4F17-8844-EA65A8B97DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.46354:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E27192-41CF-4AAB-80E8-36F1CFBEF626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.48163:*:*:*:*:*:*:*",
"matchCriteriaId": "46A915C7-31F6-4C8D-82CB-76CD6625DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.5.100.49891:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF40835-E44D-47AC-AECB-4007E0F26D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.6.100.51363:*:*:*:*:*:*:*",
"matchCriteriaId": "87BC2909-B984-459B-B659-7D681BA9D8C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n de entrada insuficiente en Intel\u00ae SGX SDK m\u00faltiples versiones de Linux y Windows, puede habilitar a un usuario autenticado para permitir una divulgaci\u00f3n de informaci\u00f3n, una escalada de privilegios o una denegaci\u00f3n de servicio por medio de un acceso local."
}
],
"id": "CVE-2019-14566",
"lastModified": "2024-11-21T04:26:58.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T17:15:14.617",
"references": [
{
"source": "secure@intel.com",
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 17:15
Modified
2024-11-21 04:26
Severity ?
Summary
Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | software_guard_extensions_sdk | 2.3.100.49777 | |
| intel | software_guard_extensions_sdk | 2.3.101.50222 | |
| intel | software_guard_extensions_sdk | 2.4.100.51291 | |
| microsoft | windows | - | |
| intel | software_guard_extensions_sdk | 2.2.100.45311 | |
| intel | software_guard_extensions_sdk | 2.3.100.46354 | |
| intel | software_guard_extensions_sdk | 2.4.100.48163 | |
| intel | software_guard_extensions_sdk | 2.5.100.49891 | |
| intel | software_guard_extensions_sdk | 2.6.100.51363 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.49777:*:*:*:*:*:*:*",
"matchCriteriaId": "0937BA08-E9BD-4903-AC84-4B46F3200F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.101.50222:*:*:*:*:*:*:*",
"matchCriteriaId": "6578D9CF-A3AF-46D2-B3A4-BC1D3DB30D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.51291:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2170C4-97DE-472C-9855-12E388999DC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.2.100.45311:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB426EB-41DA-4F17-8844-EA65A8B97DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.3.100.46354:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E27192-41CF-4AAB-80E8-36F1CFBEF626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.4.100.48163:*:*:*:*:*:*:*",
"matchCriteriaId": "46A915C7-31F6-4C8D-82CB-76CD6625DAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.5.100.49891:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF40835-E44D-47AC-AECB-4007E0F26D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:2.6.100.51363:*:*:*:*:*:*:*",
"matchCriteriaId": "87BC2909-B984-459B-B659-7D681BA9D8C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access."
},
{
"lang": "es",
"value": "Una inicializaci\u00f3n insuficiente en Intel\u00ae SGX SDK versiones de Windows 2.4.100.51291 y anteriores, y las versiones de Linux 2.6.100.51363 y anteriores, puede habilitar a un usuario autenticado para permitir una divulgaci\u00f3n de informaci\u00f3n, una escalada de privilegios o una denegaci\u00f3n de servicio por medio de un acceso local."
}
],
"id": "CVE-2019-14565",
"lastModified": "2024-11-21T04:26:58.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T17:15:14.537",
"references": [
{
"source": "secure@intel.com",
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K57201259?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00293.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-14 20:29
Modified
2024-11-21 04:16
Severity ?
Summary
Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | software_guard_extensions_sdk | * | |
| microsoft | windows | - | |
| intel | software_guard_extensions_sdk | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B893E9-5AD6-4D03-B217-20F72B91682B",
"versionEndExcluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:software_guard_extensions_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9BCE44-2925-46C0-BD2C-A6CF56C84B47",
"versionEndExcluding": "2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access."
},
{
"lang": "es",
"value": "Doble liberaci\u00f3n (double free) en Intel(R) SGX SDK para Linux, en versiones anteriores a la 2.2; e Intel(R) SGX SDK para Windows, en versiones anteriores a la 2.1, podr\u00eda permitir que un usuario autenticado habilite la divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio (DoS) mediante acceso local."
}
],
"id": "CVE-2019-0122",
"lastModified": "2024-11-21T04:16:16.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-14T20:29:01.537",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}