Bug 1758414 (CVE-2019-0117) - CVE-2019-0117 hw: Intel SGX information leak
Summary: CVE-2019-0117 hw: Intel SGX information leak
Keywords:
Status: NEW
Alias: CVE-2019-0117
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Prasad J Pandit
QA Contact:
URL:
Whiteboard:
Depends On: 1766439 1766444 1766434 1766435 1766436 1766437 1766438 1766440 1766441 1766442 1766443 1766923 1767753 1771648
Blocks: 1752312
TreeView+ depends on / blocked
 
Reported: 2019-10-04 05:13 UTC by Wade Mealing
Modified: 2019-11-20 14:23 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2019:3845 None None None 2019-11-12 21:37:13 UTC
Red Hat Product Errata RHEA-2019:3846 None None None 2019-11-12 22:38:14 UTC

Description Wade Mealing 2019-10-04 05:13:57 UTC
A flaw was found in the implementation of SGX around the access control of protected memory.  A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory.

Comment 7 Wade Mealing 2019-11-12 08:25:15 UTC
Acknowledgements:

Red Hat thanks Intel for reporting this issue and collaborating on the mitigations.

Comment 8 Prasad J Pandit 2019-11-12 09:32:37 UTC
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/2019-microcode-nov

Comment 10 Prasad J Pandit 2019-11-12 09:32:41 UTC
Mitigation:

As of this time there are no known mitigations. Please install relevant updated packages to address this flaw.

Comment 11 Prasad J Pandit 2019-11-12 18:08:15 UTC
Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1771648]


Note You need to log in before you can comment on or make changes to this bug.