CVE-2023-37479
CVE-2023-37479 is a medium-severity vulnerability in Openenclave with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-665.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- EPSS exploit prediction: 1% (46th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-665
- Affected product: Openenclave
- Published:
- Last modified:
Description
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability.
Frequently asked questions
- What is CVE-2023-37479?
- Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability.
- How severe is CVE-2023-37479?
- CVE-2023-37479 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and user interaction. Impact on confidentiality is none, integrity high, and availability none.
- Is CVE-2023-37479 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (46th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-37479?
- CVE-2023-37479 affects Openenclave. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-37479?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2023-37479 published?
- CVE-2023-37479 was published on 2023-07-17 and last updated on 2026-06-17.
References
- https://github.com/openenclave/openenclave/commit/ca54623333875b9beaad92c999a92b015c44b079
- https://github.com/openenclave/openenclave/security/advisories/GHSA-5gfr-m6mx-p5w4
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/mxcsr-configuration-dependent-timing.html
Affected products (1)
- cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*
More vulnerabilities in Openenclave
- CVE-2020-15224 — Medium (CVSS 6.8): In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using…
- CVE-2020-15107 — Medium (CVSS 5.3): In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host…
All CVEs affecting Openenclave →
Other CWE-665 (Improper Initialization) vulnerabilities
- CVE-2021-33635 — Critical (CVSS 9.8): When malicious images are pulled by isula pull, attackers can execute arbitrary code.
- CVE-2022-37128 — Critical (CVSS 9.8): In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
- CVE-2021-41264 — Critical (CVSS 9.8): OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using…
- CVE-2019-10196 — Critical (CVSS 9.8): A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option…
- CVE-2015-8367 — Critical (CVSS 9.8): The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute…
- CVE-2019-14271 — Critical (CVSS 9.8): In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the…
Browse all CWE-665 (Improper Initialization) vulnerabilities →