CVE-2022-46486

low-risk
Published 2023-12-30

A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Scone

Affected Vendors

Scontain

References (6)

Exploit https://jovanbulck.github.io/files/ccs19-tale.pdf
Exploit https://jovanbulck.github.io/files/oakland24-pandora.pdf
Release Notes https://sconedocs.github.io/release5.7/
Exploit https://jovanbulck.github.io/files/ccs19-tale.pdf
Exploit https://jovanbulck.github.io/files/oakland24-pandora.pdf
Release Notes https://sconedocs.github.io/release5.7/
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal