Sign-up

ID

VAR-201903-1239


CVE

CVE-2019-0122


TITLE

Intel(R) SGX SDK Double release vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002598

DESCRIPTION

Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. Intel(R) SGX SDK Contains a double release vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation

Trust: 2.34

sources: NVD: CVE-2019-0122 // JVNDB: JVNDB-2019-002598 // JVNDB: JVNDB-2019-001582

AFFECTED PRODUCTS

vendor:intelmodel:software guard extensions sdkscope:ltversion:2.2

Trust: 1.0

vendor:intelmodel:software guard extensions sdkscope:ltversion:2.1

Trust: 1.0

vendor:intelmodel:sgx sdkscope:ltversion:2.1 (windows)

Trust: 0.8

vendor:intelmodel:sgx sdkscope:ltversion:2.2 (linux)

Trust: 0.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2019-002598 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2019-0122

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0122
value: HIGH

Trust: 1.0

NVD: CVE-2019-0122
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-558
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-0122
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0122
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-002598 // CNNVD: CNNVD-201903-558 // NVD: CVE-2019-0122

PROBLEMTYPE DATA

problemtype:CWE-415

Trust: 1.8

sources: JVNDB: JVNDB-2019-002598 // NVD: CVE-2019-0122

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-558

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201903-558

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002598

PATCH
title:INTEL-SA-00217url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel SGX SDK Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90146
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002598 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-558

EXTERNAL IDS
db:NVDid:CVE-2019-0122
Trust: 2.4
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2019-002598
Trust: 0.8
db:CNNVDid:CNNVD-201903-558
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002598 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-558 // 
            
            
            
            NVD: CVE-2019-0122

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-0122
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0122
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002598 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-558 // 
            
            
            
            NVD: CVE-2019-0122

SOURCES
db:JVNDBid:JVNDB-2019-002598
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-558
db:NVDid:CVE-2019-0122

LAST UPDATE DATE
2024-11-23T19:39:37.883000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-002598date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-558date:2019-03-19T00:00:00
db:NVDid:CVE-2019-0122date:2024-11-21T04:16:16.590

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-002598date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-558date:2019-03-14T00:00:00
db:NVDid:CVE-2019-0122date:2019-03-14T20:29:01.537