Intel · Occlum · CVE-2021-44421
**Name of the Vulnerable Software and Affected Versions**
Occlum versions prior to 0.26.0
**Description**
The pointer-validation logic in Occlum for Intel SGX can act as a confused deputy, which allows a local attacker to access unauthorized information via side-channel analysis.
**Recommendations**
Installations running a version prior to 0.26.0 should update to version 0.26.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information to minimize the risk of exploitation via side-channel analysis.