CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-46487
https://notcve.org/view.php?id=CVE-2022-46487
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. La inicialización incorrecta de los registros de configuración de punto flotante x87 y SSE en el componente __scone_entry de SCONE anterior a 5.8.0 para Intel SGX permite a un atacante local comprometer la integridad de ejecución de operaciones de punto flotante en un enclave o acceder a información confidencial a través del análisis de canal lateral. • https://jovanbulck.github.io/files/acsac20-fpu.pdf https://jovanbulck.github.io/files/oakland24-pandora.pdf https://nvd.nist.gov/vuln/detail/CVE-2020-0561#vulnCurrentDescriptionTitle https://nvd.nist.gov/vuln/detail/CVE-2020-15107 https://sconedocs.github.io/release5.7 https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html#inpage-nav-3-3 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38023
https://notcve.org/view.php?id=CVE-2023-38023
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak." Se descubrió un problema en SCONE Confidential Computing Platform anterior a 5.8.0 para Intel SGX. La falta de lógica de alineación de puntero en __scone_dispatch y otras funciones de entrada permite que un atacante local acceda a información no autorizada, también conocida como "fuga AEPIC". • https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76 https://jovanbulck.github.io/files/oakland24-pandora.pdf https://sconedocs.github.io/release5.7 https://sconedocs.github.io/release5.8 https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabi •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-46486
https://notcve.org/view.php?id=CVE-2022-46486
A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. La falta de lógica de validación de puntero en el componente __scone_dispatch de SCONE anterior a v5.8.0 para Intel SGX permite a los atacantes acceder a información confidencial. • https://jovanbulck.github.io/files/ccs19-tale.pdf https://jovanbulck.github.io/files/oakland24-pandora.pdf https://sconedocs.github.io/release5.7 • CWE-763: Release of Invalid Pointer or Reference •