Potential security vulnerabilities in the Intel® Software Guard Extensions (SGX) Software Development Kit (SDK) may allow information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.
CVEID: CVE-2022-26509
Description: Improper conditions check in the Intel® SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 2.5 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2022-26841
Description: Insufficient control flow management for the Intel® SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 2.5 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Intel® SGX SDK software for Linux before version 2.16.100.1.
Intel® SGX SDK software for Windows before version 2.15.100.1.
Intel recommends updating Intel® SGX SDK software for Linux to version 2.16.100.1 or later.
Intel recommends updating Intel® SGX SDK software for Windows to version 2.15.100.1 or later.
Intel would like to thank Jo Van Bulck, Fritz Alder, Frank Piessens, and David Oswald for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.