Improper Initialization of Floating-Point Configuration Registers in SCONE Enclave Component Allows Local Attackers to Compromise Execution Integrity and Access Sensitive Information

Improper Initialization of Floating-Point Configuration Registers in SCONE Enclave Component Allows Local Attackers to Compromise Execution Integrity and Access Sensitive Information

CVE-2022-46487 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.

Learn more about our Web Application Penetration Testing UK.