Jo Van Bulck

**Name of the Vulnerable Software and Affected Versions** Intel SGX SDK (affected versions not specified) **Description** The issue is an out-of-bounds write that may allow an authenticated user to potentially enable escalation of privilege via local access. This could compromise secure enclaves. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SGX DCAP software for Windows versions prior to 1.19.100.3 **Description** The issue is related to insufficient input validation in the Intel SGX DCAP software, which may allow an authenticated user to potentially enable information disclosure via local access. **Recommendations** For versions prior to 1.19.100.3, update to version 1.19.100.3 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open Enclave versions prior to 0.19.3 **Description** The issue concerns two problems in the Open Enclave SDK. First, it does not properly sanitize the `MXCSR` register on enclave entry, making applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks. This could impact instruction retirement by at most one cycle, depending on the secret data operand value. Second, the SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry, allowing a side-channel attacker to be notified for every unaligned memory access performed by the enclave. **Recommendations** For versions prior to 0.19.3, update to version 0.19.3 or later and recompile applications against the patched libraries to be protected from this issue. As a temporary workaround, consider restricting access to sensitive data and minimizing unaligned memory accesses until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SGX SDK (affected versions not specified) **Description** The issue is related to an improper conditions check in the Intel(R) SGX SDK software. This may allow a privileged user to potentially enable information disclosure via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SGX SDK software for Linux versions prior to 2.16.100.1 **Description** The issue is related to insufficient control flow management, which may allow an authenticated user to potentially enable information disclosure via local access. **Recommendations** For versions prior to 2.16.100.1, update to version 2.16.100.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Occlum versions prior to 0.26.0 **Description** The issue concerns the pointer-validation logic in Occlum for Intel SGX, which can act as a confused deputy. This allows a local attacker to access unauthorized information via side-channel analysis. **Recommendations** For versions prior to 0.26.0, update to version 0.26.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information to minimize the risk of exploitation via side-channel analysis.

**Name of the Vulnerable Software and Affected Versions** Crypto API Toolkit for Intel(R) SGX (affected versions not specified) **Description** A time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openenclave versions prior to 0.10.0 **Description** The issue affects enclaves that use x87 FPU operations, making them vulnerable to tampering by a malicious host application. This is due to the violation of the Linux System V Application Binary Interface (ABI) for such operations, allowing a host app to compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this may also be used to mount a side-channel attack on the enclave. **Recommendations** For versions prior to 0.10.0, users will need to recompile their applications against the patched libraries to be protected from this issue. As a temporary workaround, consider restricting the use of x87 FPU operations in enclaves until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Intel(R) Processors (affected versions not specified) Description: The issue concerns a load value injection in some Intel(R) Processors utilizing speculative execution, which may allow an authenticated user to potentially enable information disclosure via a side channel with local access. This could lead to the disclosure of protected information. The vulnerability exploits the speculative execution mechanism, potentially allowing attackers to bypass existing defenses and access sensitive data from Intel SGX enclaves and other processes. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to cleanup errors in some data cache evictions for some Intel(R) Processors, which may allow an authenticated user to potentially enable information disclosure via local access. This is caused by a data leak from the L1D cache. The vulnerability can be exploited to disclose protected information. Researchers have found a new speculative execution vulnerability in Intel CPUs that could let attackers leak targeted sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Enclave SDK versions (affected versions not specified) **Description** The issue is related to an error in handling objects in memory, which can be exploited by a remote attacker to gain unauthorized access to protected information. This is an information disclosure issue that arises from improper handling of objects in memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel SGX (affected versions not specified) Huawei VRP (affected versions not specified) **Description** The issue is related to the implementation of Intel Software Guard Extensions (SGX) technology and speculative execution in microprocessors. It may allow unauthorized disclosure of information from an enclave to an attacker with local user access via a side-channel analysis. This can enable an attacker to read data from the L1 cache, which may contain fragments of data from the protected area after speculative execution. **Recommendations** For Intel SGX, consider disabling speculative execution as a temporary workaround until a patch is available. For Huawei VRP, at the moment, there is no information about a newer version that contains a fix for this vulnerability.