Improper Isolation Vulnerability in Intel Processors with Software Guard Extensions
CVE-2022-38090

4.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Processors With Intel(r) Software Guard Extensions (sgx)
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-38090?

This vulnerability arises from improper isolation of shared resources in certain Intel processors when utilizing Intel Software Guard Extensions (SGX). A privileged user could exploit this flaw to potentially disclose sensitive information through local access, posing privacy risks and security concerns for affected systems. It underscores the necessity for robust security measures to prevent unauthorized access and maintain data integrity.

Affected Version(s)

Intel(R) Processors with Intel(R) Software Guard Extensions (SGX) See references

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Aug 19, 2022