CVE-2023-38023

Name of the Vulnerable Software and Affected Versions SCONE Confidential Computing Platform versions prior to 5.8.0

Description An issue was discovered in the SCONE Confidential Computing Platform, where the lack of pointer-alignment logic in scone dispatch and other entry functions allows a local attacker to access unauthorized information, also known as an "AEPIC Leak". This issue affects the Intel SGX platform.

Recommendations For versions prior to 5.8.0, update to version 5.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the scone dispatch function and other affected entry functions until a patch is available.