CVE-2020-0561 — Improper Initialization in Intel Software Guard Extensions SDK

CWE-665 — Improper Initialization4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 61.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Software Guard Extensions SDK Opensuse Backports Opensuse Leap

Timeline

PublishedFeb 13

Latest updateMay 24

Description

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDintel/software_guard_extensions_sdk< 2.6.100.1+1

▶NVDopensuse/leap15.1

▶NVDopensuse/backportssle-15

🔴Vulnerability Details

GHSA

GHSA-r4p7-pmgm-2v37: Improper initialization in the Intel(R) SGX SDK before v2↗2022-05-24

▶

OSV

tiff vulnerabilities↗2022-05-16

▶

CVEList

CVE-2020-0561: Improper initialization in the Intel(R) SGX SDK before v2↗2020-02-13

▶