Information Disclosure in Intel SGX SDK Software
CVE-2022-26509

2.5LOW

Key Information:

Vendor: Intel
Status: Intel(r) Sgx Sdk Software
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-26509?

The vulnerability in Intel SGX SDK software arises from inadequate checks on certain conditions, which can be exploited by a privileged user. This exploit may enable unauthorized access to sensitive information through local interactions, posing a risk to data confidentiality.

Affected Version(s)

Intel(R) SGX SDK software See references

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Apr 5, 2022