Insufficient Control Flow Management in Intel SGX SDK for Linux
CVE-2022-26841

2.5LOW

Key Information:

Vendor: Intel
Status: Intel(r) Sgx Sdk Software For Linux
Vendor: CVE Published:; 16 February 2023

Summary

The Intel SGX SDK for Linux prior to version 2.16.100.1 exhibits insufficient control flow management, which may permit an authenticated user to potentially disclose sensitive information through local access. This flaw could lead to unauthorized exposure of data which should remain confidential, emphasizing the importance of updating to the latest version to mitigate such risks. For further details, please visit Intel's advisory.

Affected Version(s)

Intel(R) SGX SDK software for Linux before version 2.16.100.1

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Apr 5, 2022