CVE-2021-0186

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 80.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SGX SDK

Timeline

PublishedNov 17

Latest updateMay 24

Description

Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel(r)_sgx_sdk_applications_compiled_for_sgx2_enabled_processorsSee references

▶NVDintel/sgx_sdk2.12+1

🔴Vulnerability Details

GHSA

GHSA-5mqc-gjcv-wj5w: Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalat↗2022-05-24

▶

CVEList

CVE-2021-0186: Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalat↗2021-11-17

▶