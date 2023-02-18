Intel released this week an important update that fixes several vulnerabilities recently discovered in Software Guard Extensions (SGX), a set of security instructions embedded in brand processors that already presented integrity issues in 2018, affecting Xeon and Core processors. Now, there are a total of 31 new vulnerabilities that were listed on February 14, 2023. Five of them were cataloged in the CVE and refer to security holes found in SGX, involving several products from the manufacturer that include network adapters and various models of 3rd generation Xeon scalable processors.

Among the vulnerabilities related to SGX, the CVE-2022-33196 is the only one with severity rated "High". This security flaw affects 3rd generation Xeon Scalable processors and several Xeon D models. According to the description provided by Intel, incorrect default permissions on memory controller configurations may cause some Xeon processors that utilize SGX to open a loophole for a malicious actor's privilege escalation, allowing arbitrary code to be executed in the machine.

CVE-2022-38090, “Medium” severity, states that incorrectly isolating shared resources on processors with SGX could allow a privileged user to enable information disclosure on the hardware through local access. In addition to recommending that users install the patch latest version provided by the device manufacturer, the Intel says it will make BIOS and microcode updates available for processors affected by the breaches.