Insufficient Access Control in Protected Memory Subsystem for Intel Processors
CVE-2019-0117

4.4MEDIUM

Key Information:

Vendor
Intel
Status
2019.2 Ipu – Intel(r) Sgx With Intel(r) Processor Graphics Update
Vendor
CVE Published:
14 November 2019

Summary

The vulnerability arises from insufficient access control within the protected memory subsystem of Intel's Software Guard Extensions (SGX). This flaw affects a range of Intel Core and Xeon processors, potentially allowing a privileged user to exploit local access and enable unauthorized information disclosure. This poses significant risks to data security in environments utilizing said processors.

Affected Version(s)

2019.2 IPU – Intel(R) SGX with Intel(R) Processor Graphics Update See provided reference

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_MISC
https://support.f5.com/csp/article/K73837233?utm_source=f...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.