Haitao Huang

Researcher at Intel
#50324 of 53,635
4.7 total CVSS
Vulnerabilities · 1
PT-2023-8797
4.7
2023-09-28
Linux · Linux Kernel · CVE-2023-52568
**Name of the Vulnerable Software and Affected Versions**

Linux kernel (affected versions not specified)

**Description**

The issue is in the SGX EPC reclaimer (ksgxd) in the Linux kernel, which may reclaim the SECS EPC page for an enclave and set `secs.epc_page` to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault handler. However, `secs.epc_page` is checked for NULL only on the ELDU path, not on the EAUG path, before it is used. This can lead to a kernel NULL pointer dereference.

The SECS page holds global enclave metadata and can only be reclaimed when there are no other enclave pages remaining. An enclave can neither run nor generate page faults without a resident SECS page. Triggering the bug requires a specific race condition involving a #PF for EAUG.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.