Allele Security Alert
ASA-2019-00337
Identifier(s)
ASA-2019-00337, CVE-2019-0157, INTEL-SA-00235
Title
Insufficient input validation
Vendor(s)
Intel
Product(s)
Intel® SGX Linux
Intel® SGX DCAP Linux
Affected version(s)
Intel® SGX Linux client driver version before 2.5
Intel® SGX DCAP Linux driver before 1.1
Fixed version(s)
Intel® SGX Linux client driver version 2.5
Intel® SGX DCAP Linux driver version 1.1
Proof of concept
Unknown
Description
Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access.
Technical details
Unknown
Credits
Unknown
Reference(s)
Intel® SGX for Linux Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html
Intel® Software Guard Extensions SDK for Linux*
https://01.org/intel-softwareguard-extensions/downloads/intel-sgx-linux-2.5-release
Intel® Software Guard Extensions SDK for Linux*
https://01.org/intel-softwareguard-extensions/downloads/intel-sgx-dcap-linux-1.1-release
CVE-2019-0157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0157
CVE-2019-0157
https://nvd.nist.gov/vuln/detail/CVE-2019-0157
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 13, 2019