CVE-2022-46487

Name of the Vulnerable Software and Affected Versions SCONE versions prior to 5.8.0

Description The issue is related to the improper initialization of x87 and SSE floating-point configuration registers in the scone entry component of SCONE for Intel SGX. This allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.

Recommendations For SCONE versions prior to 5.8.0, update to version 5.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the scone entry component until a patch is available.