CVE-2022-46487

Опубликовано: 30 дек. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.

Ссылки

https://jovanbulck.github.io/files/acsac20-fpu.pdf
Exploit
Third Party Advisory
https://jovanbulck.github.io/files/oakland24-pandora.pdf
Exploit
Third Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-0561#vulnCurrentDescriptionTitle
Third Party Advisory
US Government Resource
https://nvd.nist.gov/vuln/detail/CVE-2020-15107
Third Party Advisory
US Government Resource
https://sconedocs.github.io/release5.7/
Release Notes
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html#inpage-nav-3-3
Technical Description
https://jovanbulck.github.io/files/acsac20-fpu.pdf
Exploit
Third Party Advisory
https://jovanbulck.github.io/files/oakland24-pandora.pdf
Exploit
Third Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-0561#vulnCurrentDescriptionTitle
Third Party Advisory
US Government Resource
https://nvd.nist.gov/vuln/detail/CVE-2020-15107
Third Party Advisory
US Government Resource
https://sconedocs.github.io/release5.7/
Release Notes
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html#inpage-nav-3-3
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:*

Версия до 5.8.0 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

7.8 High

CVSS3

Дефекты

CWE-665

Связанные уязвимости

GHSA-p2fm-m9qc-j6x3