Information Disclosure Vulnerability in Intel SGX SDK Software
CVE-2022-27499

4.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Sgx Sdk Software
Vendor: CVE Published:; 11 November 2022

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An information disclosure vulnerability exists in Intel SGX SDK software due to premature resource release during its expected lifecycle. A privileged user with local access could exploit this flaw to potentially access sensitive information, compromising the integrity of the secure execution environment. Users are urged to apply the latest patches to mitigate the risk of exposure.

Affected Version(s)

Intel(R) SGX SDK software See references

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

snapshot-demo
Created by StanPlatinum

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 11, 2022
Vulnerability Reserved
Apr 5, 2022
🟡
Public PoC available
Jan 7, 2022
👾
Exploit known to exist
Jan 7, 2022