Описание
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer.
Ссылки
- Not ApplicableThird Party Advisory
- Third Party Advisory
- Not ApplicableThird Party Advisory
- Not ApplicableThird Party Advisory
- Not ApplicableThird Party Advisory
- Not ApplicableThird Party Advisory
- Third Party Advisory
- Not ApplicableThird Party Advisory
- Not ApplicableThird Party Advisory
- Not ApplicableThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.32 (исключая)
cpe:2.3:a:fortanix:confidential_computing_manager:*:*:*:*:*:intel_software_guard_extensions:*:*
EPSS
Процентиль: 10%
0.00035
Низкий
5.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.5
github
около 2 лет назад
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer.
EPSS
Процентиль: 10%
0.00035
Низкий
5.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo