CVE-2022-27499 — Vulnetix

CVE-2022-27499 PUBLISHED CVSS 2.5 LOW

Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

EPSS 2.56% · 85.8th percentile

Risk Scores

CVSS 3.1

2.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

EPSS Score

2.56%

85.8th percentile

Affected Products

Vendor	Product	Versions
intel	sgx_sdk	0, 0
n/a	Intel(R) SGX SDK software	See references

Exploit Intelligence

CVE-2022-27499 (github-poc)
CVE-2022-27499 (github-poc)
CVE-2022-27499 (github-poc)
CVE-2022-27499 (github-poc)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00691.html (circl)

Timeline

Nov 9, 2022 CVE Published
Nov 12, 2022 EPSS Score
Dec 25, 2022 EPSS Score
Feb 6, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 3, 2023 EPSS Score
Jun 15, 2023 EPSS Score
Sep 9, 2023 EPSS Score
Oct 21, 2023 EPSS Score
Jan 15, 2024 EPSS Score
Feb 27, 2024 EPSS Score
Apr 10, 2024 EPSS Score

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00691.html url
https://nvd.nist.gov/vuln/detail/CVE-2022-27499 advisory

Open in Interactive Console →