CVE-2022-27499

CWE-6723 documents3 sources

Severity

4.4MEDIUM

EPSS

2.6%

top 14.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SGX SDK

Timeline

PublishedNov 11

Description

Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5intel(r)_sgx_sdk_softwareSee references

▶NVDintel/sgx_sdk< 2.17.100.1+1

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-27499: Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information↗2022-11-11

▶

GHSA

GHSA-vc86-73mc-m266: Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information↗2022-11-11

▶