Security News > 2023 > February > Intel patches up SGX best it can after another load of security holes found
These cover a wide range of Intel products including Xeon processors, network adapters, and also software.
One, CVE-2022-38090, has a severity rating of medium and affects a number of Intel processors, including the 3rd Gen Xeon Scalable server chips, which have only recently been superseded by the 4th Gen "Sapphire Rapids" products.
Intel's description for this explains: "Improper isolation of shared resources in some Intel Processors when using Intel Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access."
The description for this reveals that: "Incorrect default permissions in some memory controller configurations for some Intel Xeon Processors when using Intel Software Guard Extensions may allow a privileged user to potentially enable escalation of privilege via local access."
SGX was first introduced in 2015 with the Skylake generation Intel Core processors.
There are other issues in the latest disclosures that are not SGX related, including high-rated escalation of privilege bugs in the Intel Server Platform Services firmware, for which Intel said it will release firmware updates.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/15/intel_sgx_vulns/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2022-38090 | Unspecified vulnerability in Intel products Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |