CVE-2019-0122

Published: Mar 14, 2019Modified: Nov 21, 2024

7.1

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

Affected (2)

Products: Intel: Software Guard Extensions Sdk

Intel

1 product

Software Guard Extensions Sdk

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Software Guard Extensions Sdk	Before 2.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Software Guard Extensions Sdk	Before 2.2

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.