Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2022-46487
CVE information
Published
Last Modified
CVSSv3.1 Severity
Description
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis..
CVSSv3.1 Score
- Severity
- High
- Base Score
- 7.8/10
- Exploit Score
- 1.8/10
- Access Vector
- Local
- Access Complexity
- Low
- Privileges Required
- Low
- Impact Score
- 5.9/10
- Confidentiality Impact
- High
- Availability Impact
- High
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- None
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:* |
Yes
|
- | 5.8.0 |
References
- https://sconedocs.github.io/release5.7/
- https://jovanbulck.github.io/files/acsac20-fpu.pdf
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-g
- https://nvd.nist.gov/vuln/detail/CVE-2020-15107
- https://nvd.nist.gov/vuln/detail/CVE-2020-0561#vulnCurrentDescriptionTitle
- https://jovanbulck.github.io/files/oakland24-pandora.pdf