Vulnerabilities > CVE-2019-0122 - Double Free vulnerability in Intel Software Guard Extensions SDK

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

NVD

Published: 2019-03-14

Updated: 2019-03-18

Summary

Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

Vulnerable Configurations

Part	Description	Count
Application	Intel Intel Software Guard Extensions SDK 1.6 Intel Software Guard Extensions SDK 1.7 Intel Software Guard Extensions SDK 1.8 Intel Software Guard Extensions SDK 1.9 Intel Software Guard Extensions SDK 2.0 Intel Software Guard Extensions SDK 2.1 Intel Software Guard Extensions SDK 2.1.1 Intel Software Guard Extensions SDK 2.1.2 Intel Software Guard Extensions SDK 2.1.3	9
OS	Microsoft Microsoft Windows -	1
OS	Linux Linux Linux Kernel -	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html