CVE-2022-46486

MEDIUM

SCONE <5.8.0 - Info Disclosure

Title source: llm

Description

A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.

References (3)

[Exploit, Technical Description, Third Party Advisory] https://jovanbulck.github.io/files/ccs19-tale.pdf

[Exploit, Technical Description, Third Party Advisory] https://jovanbulck.github.io/files/oakland24-pandora.pdf

[Release Notes] https://sconedocs.github.io/release5.7/

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-763

Status published

Products (1)

scontain/scone < 5.8.0

Published Dec 30, 2023

Tracked Since Feb 18, 2026