Security News > 2023 > February > Intel patches up SGX best it can after another load of security holes found

Intel patches up SGX best it can after another load of security holes found
2023-02-15 20:40

These cover a wide range of Intel products including Xeon processors, network adapters, and also software.

One, CVE-2022-38090, has a severity rating of medium and affects a number of Intel processors, including the 3rd Gen Xeon Scalable server chips, which have only recently been superseded by the 4th Gen "Sapphire Rapids" products.

Intel's description for this explains: "Improper isolation of shared resources in some Intel Processors when using Intel Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access."

The description for this reveals that: "Incorrect default permissions in some memory controller configurations for some Intel Xeon Processors when using Intel Software Guard Extensions may allow a privileged user to potentially enable escalation of privilege via local access."

SGX was first introduced in 2015 with the Skylake generation Intel Core processors.

There are other issues in the latest disclosures that are not SGX related, including high-rated escalation of privilege bugs in the Intel Server Platform Services firmware, for which Intel said it will release firmware updates.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/15/intel_sgx_vulns/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-38090 Unspecified vulnerability in Intel products
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.
local
low complexity
intel
4.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6832 278 786 430 28 1522