Number: AV17-119
Date: 09 August 2017
Purpose
The purpose of this advisory is to bring attention to a vulnerability in Intel® Software Guard Extensions (SGX).
Assessment
CCIRC is aware of an incorrect check vulnerability in Intel® Software Guard Extensions (SGX) in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families. This privilege escalation vulnerability could allow an unprivileged user to compromise system firmware via incorrect early system state.
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
Intel® Software Guard Extensions (SGX) Incorrect Check Vulnerability
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr