CVE-2022-26841

CWE-6703 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 81.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SGX SDK

Timeline

PublishedFeb 16

Description

Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5intel(r)_sgx_sdk_software_for_linuxbefore version 2.16.100.1

▶NVDintel/sgx_sdk< 2.16.100.1+1

🔴Vulnerability Details

GHSA

GHSA-55cg-v6gq-m3wm: Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2↗2023-02-16

▶

CVEList

CVE-2022-26841: Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2↗2023-02-16

▶