Описание
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory.
Отчет
Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov
Меры по смягчению последствий
As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | microcode_ctl | Will not fix | ||
| Red Hat Enterprise Linux 6 | microcode_ctl | Fixed | RHEA-2019:3847 | 12.11.2019 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | microcode_ctl | Fixed | RHEA-2019:3854 | 12.11.2019 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | microcode_ctl | Fixed | RHEA-2019:3853 | 12.11.2019 |
| Red Hat Enterprise Linux 7 | microcode_ctl | Fixed | RHEA-2019:3846 | 12.11.2019 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | microcode_ctl | Fixed | RHEA-2019:3852 | 12.11.2019 |
| Red Hat Enterprise Linux 7.2 Telco Extended Update Support | microcode_ctl | Fixed | RHEA-2019:3852 | 12.11.2019 |
| Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions | microcode_ctl | Fixed | RHEA-2019:3852 | 12.11.2019 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | microcode_ctl | Fixed | RHEA-2019:3851 | 12.11.2019 |
| Red Hat Enterprise Linux 7.3 Telco Extended Update Support | microcode_ctl | Fixed | RHEA-2019:3851 | 12.11.2019 |
Показывать по
Дополнительная информация
Статус:
6 Medium
CVSS3
Связанные уязвимости
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
Уязвимость микропрограммного обеспечения процессоров Intel, связанная с недостатками контроля доступа, позволяющая нарушителю раскрыть защищаемую информацию
6 Medium
CVSS3