What is CVE-2018-3626?

CVE-2018-3626 is a medium-severity vulnerability in Intel Sgx_sdk, classified under Information Disclosure. CVSS score: 4.7/10. Published 2018-03-20.

How severe is CVE-2018-3626?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Information disclosure in Intel Sgx_sdk

CVE-2018-3626

Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.

Vulnerability class: Information Disclosure

EPSS: 0.003 (21.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Intel Sgx_sdk
Intel Corporation Sgx Sdk — versions before version 2.1.2 (Linux) and 1.9.6 (Windows)
Linux Linux_kernel
Microsoft Windows

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secure@intel.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secure@intel.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2018-3626?: CVE-2018-3626 is a medium-severity vulnerability in Intel Sgx_sdk, classified under Information Disclosure. CVSS score: 4.7/10. Published 2018-03-20.
How severe is CVE-2018-3626?: Medium severity. CVSS v3 base score is 4.7 out of 10.