Intel has resolved multiple vulnerabilities found in its Software Guard Extensions (SGX) and urged users to update the application patches as soon as possible.
According to the report, the flaws involve “a wide range of Intel products,” including Xeon processors, network adapters and software. Today, the Intel Security Center added a total of 31 warnings, including five CVE risks. Among the five risk vulnerabilities, two can be used to give illegal applications the power to lead to the theft of sensitive data.
The third vulnerability, CVE-2022-38090, is a medium-risk level vulnerability that can affect third-generation Xeon Scalable processors. According to Intel, “improper isolation of shared resources in certain Intel processors when using Intel SGX could allow privileged users to potentially disclose information through local access.”
Intel says the best approach is to update your device’s firmware, and it is strongly recommends that affected users go for the updated patch.
The fourth vulnerability number is CVE-2022-33196, which is a high-severity vulnerability that also affects third-generation Xeon Scalable processors but also affects Xeon D processors. The company said they are working on patches in the form of BIOS and microcode.
A fifth vulnerability affects SGX’s software development kit (SDK), which Intel says is less severe, but could still be used to steal sensitive data and is currently working on a patch to update it.
SGX is now in its eighth year of life, and while it has been “bug-ridden,” the tool has actually been abandoned in consumer processors such as the 11th and 12th generation Cores.