CVE-2019-14565Improper Initialization in Intel 2019.2 IPU Intel SGX

CWE-665Improper Initialization3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 67.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Intel 2019.2 IPU Intel SGXIntel Software Guard Extensions SDK
Timeline
PublishedNov 14
Latest updateMay 24

Description

Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5intel/2019.2_ipu_intel_sgxSee provided reference

🔴Vulnerability Details

2
GHSA
GHSA-gcwc-jjq5-ppvc: Insufficient initialization in Intel(R) SGX SDK Windows versions 22022-05-24
CVEList
CVE-2019-14565: Insufficient initialization in Intel(R) SGX SDK Windows versions 22019-11-14
CVE-2019-14565 — Improper Initialization in Intel | cvebase