CVE-2019-0122 — Double Free in Intel Software Guard Extensions SDK

CWE-415 — Double Free3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 83.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Software Guard Extensions SDK Intel Corporation Intel Software Guard Extensions SDK

Timeline

PublishedMar 14

Latest updateMay 14

Description

Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDintel/software_guard_extensions_sdk< 2.1+1

▶CVEListV5intel_corporation/intel_software_guard_extensions_sdkMultiple versions.

🔴Vulnerability Details

GHSA

GHSA-364f-vpc5-cg4x: Double free in Intel(R) SGX SDK for Linux before version 2↗2022-05-14

▶

CVEList

CVE-2019-0122: Double free in Intel(R) SGX SDK for Linux before version 2↗2019-03-14

▶