Insufficient Pointer Validation in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform Allows Unauthorized Information Access

Insufficient Pointer Validation in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform Allows Unauthorized Information Access

CVE-2023-38022 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.

Learn more about our User Device Pen Test.