CVE-2019-0122

HIGH

Intel Software Guard Extensions SDK < 2.1 - Double Free

Title source: rule

Description

Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

References (1)

[Vendor Advisory] https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00217.html

Scores

CVSS v3 7.1

EPSS 0.0005

EPSS Percentile 16.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

intel/software_guard_extensions_sdk < 2.1

Timeline

Published Mar 14, 2019

Tracked Since Feb 18, 2026