Intel has addressed multiple vulnerabilities discovered in its Software Guard Extensions (SGX) and is now urging users to apply the patch as soon as possible.
The flaws affect a “wide range of Intel products”, including Xeon processors, network adapters, and software. A total of 31 advisories were added to the Intel Security Center, including five CVE’s.
Of those five, two are privilege escalation vulnerabilities that could allow threat actors to elevate the privileges their accounts have on target endpoints (opens in new tab) and use them to exfiltrate sensitive data. The irony is palpable here, the publication hints, because SGX is a feature “that is supposed to enable secure processing of sensitive data inside encrypted memory areas known as enclaves.”
Stealing sensitive data
The third flaw, tracked as CVE-2022-38090, is a medium-rated vulnerability affecting, among others, 3rd Gen Xeon Scalable processors. According to Intel, “improper isolation of shared resources in some Intel Processors when using Intel Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.”
The best course of action, Intel says, is to update your device’s firmware.
The fourth vulnerability, tracked as CVE-2022-33196, is a high-severity flaw also affecting the 3rd Gen Xeon Scalable processors, but also Xeon D processors, as well. Patches, in the form of BIOS and microcode updates, are on the way, the company added.
The fifth flaw affects SGX’s software development kit (SDK). While this one is rated low severity, there is still a chance crooks use it to steal sensitive data, Intel says. An update is on the way, as well.
SGX, now in its eighth year, has been “plagued with vulnerabilities”, the publication says, adding that the tool was deprecated in client-focused chips from the 11th and 12th Gen Core processors.
Via: The Register (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba