Intel® SGX SDK Edger8r and Intel® Software Guard Extensions Platform Software Component
Intel ID: INTEL-SA-00117
Product family: Intel® SGX
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Mar 19, 2018
[…]CVE-2018-3626: The Edger8r tool in the Intel® Software Guard Extensions (SGX) Software Development Kit (SDK) before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel attack, potentially allowing a local user to access unauthorized information. CVE-2018-5736: An elevation of privilege in Intel® Software Guard Extensions Platform Software Component before 22.214.171.124329 allows a local attacker to execute arbitrary code as administrator. CVE-2018-3626: Recently it was reported that the Edger8r Tool, a software component of the Intel® Software Guard Extensions (SGX) Software Development Kit (SDK), may generate C source code potentially leading to a software based side-channel vulnerability. […]Intel would like to thank Jo Van Bulck, Frank Piessens, and Raoul Strackx of Ku Leuven University for reporting CVE-2018-3626 and working with us on coordinated disclosure.