CVE Vulnerability

CVE-2018-3626

Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.

1.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00117&languageid=en-fr Vendor Advisory
http://www.securityfocus.com/bid/103479 Third Party Advisory VDB Entry
Configurations

Configuration 1
Information

Published : 2018-03-20 08:29

Updated : 2018-04-18 01:49

NVD link : CVE-2018-3626

Mitre link : CVE-2018-3626

Products Affected
No products.
CWE
CWE-200