CVE-2021-0001

CWE-203 CWE-3698 documents6 sources

Severity

4.7MEDIUM

EPSS

0.1%

top 67.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SGX Dcap Intel SGX PSW Intel SGX SDK +1 more

Timeline

PublishedJun 9

Latest updateJul 10

Description

Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages5 packages

▶NVDintel/sgx_psw2.12.100.4+1

▶NVDintel/sgx_sdk2.12.100.4+1

▶NVDintel/sgx_dcap1.10.100.4

▶CVEListV5intel(r)_ippbefore version 2020 update 1

▶NVDintel/integrated_performance_primitives_cryptography2019, 2020+1

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2024-07-10

▶

OSV

linux-azure, linux-azure-4.15 vulnerabilities↗2024-07-04

▶

GHSA

GHSA-78jj-chhm-hm82: Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via↗2022-05-24

▶

CVEList

CVE-2021-0001: Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via↗2021-06-09

▶

GHSA

Division by 0 in `QuantizedConv2D`↗2021-05-21

▶

📋Vendor Advisories

VMware

VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)↗2022-01-04

▶

VMware

vSphere Replication updates address a command injection vulnerability (CVE-2021-21976)↗2021-02-11

▶