Details of VAR-202205-0812

ID

VAR-202205-0812

CVE

CVE-2021-33135

TITLE

Intel SGX Linux kernel drivers Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3043

DESCRIPTION

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. Intel Software Guard Extensions (SGX) is a set of security-related instructions from Intel Corporation, which is built into some Intel CPUs. It provides hardware-based memory encryption to isolate application-specific code and data in memory. An authenticated user could exploit this vulnerability to implement a denial of service attack

Trust: 1.08

sources: NVD: CVE-2021-33135 // VULHUB: VHN-393149 // VULMON: CVE-2021-33135

AFFECTED PRODUCTS

vendor:

intel

model:

software guard extensions

scope:

lte

version:

2.14

Trust: 1.0

sources: NVD: CVE-2021-33135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33135
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202205-3043
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-393149
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-33135
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-393149
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33135
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-393149 // CNNVD: CNNVD-202205-3043 // NVD: CVE-2021-33135

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.1

sources: VULHUB: VHN-393149 // NVD: CVE-2021-33135

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3043

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3043

PATCH

title:

Intel SGX Linux kernel drivers Remediation of resource management error vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=193911

Trust: 0.6

sources: CNNVD: CNNVD-202205-3043

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33135	Trust: 1.8
db:	CNNVD	id:	CNNVD-202205-3043	Trust: 0.7
db:	CS-HELP	id:	SB2022052314	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4621	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4623	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2325	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0012	Trust: 0.6
db:	VULHUB	id:	VHN-393149	Trust: 0.1
db:	VULMON	id:	CVE-2021-33135	Trust: 0.1

sources: VULHUB: VHN-393149 // VULMON: CVE-2021-33135 // CNNVD: CNNVD-202205-3043 // NVD: CVE-2021-33135

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html	Trust: 1.8
url:	https://vigilance.fr/vulnerability/intel-sgx-dcap-denial-of-service-39302	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052314	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4621	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2325	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-33135/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4623	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0012	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-393149 // VULMON: CVE-2021-33135 // CNNVD: CNNVD-202205-3043 // NVD: CVE-2021-33135

SOURCES

db:	VULHUB	id:	VHN-393149
db:	VULMON	id:	CVE-2021-33135
db:	CNNVD	id:	CNNVD-202205-3043
db:	NVD	id:	CVE-2021-33135

LAST UPDATE DATE

2024-08-14T12:10:43.122000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393149	date:	2022-05-24T00:00:00
db:	VULMON	id:	CVE-2021-33135	date:	2022-05-12T00:00:00
db:	CNNVD	id:	CNNVD-202205-3043	date:	2023-01-03T00:00:00
db:	NVD	id:	CVE-2021-33135	date:	2022-05-24T16:04:25.627

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393149	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2021-33135	date:	2022-05-12T00:00:00
db:	CNNVD	id:	CNNVD-202205-3043	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2021-33135	date:	2022-05-12T17:15:09.490