CVE-2021-0186

high-risk
Published 2021-11-17

Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Sgx Sdk
Sgx Sdk
Xeon Gold 6342 Firmware
Xeon Gold 6346 Firmware
Xeon Gold 6330 Firmware
Xeon Platinum 8360Y Firmware
Xeon Gold 6354 Firmware
Xeon Gold 6314U Firmware
Xeon Gold 6338N Firmware
Xeon Silver 4314 Firmware
Xeon Silver 4316 Firmware
Xeon Gold 5318Y Firmware
Xeon Gold 5317 Firmware
Xeon Gold 6334 Firmware
Xeon Gold 6326 Firmware
Xeon Silver 4309Y Firmware
Xeon Gold 6348 Firmware
Xeon Silver 4310 Firmware
Xeon Gold 6338T Firmware
Xeon Gold 5318S Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00548....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00548....
54
/ 100
high-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical