CVE-2022-46487

7.8 HIGH

📋 TL;DR

This vulnerability in SCONE for Intel SGX allows a local attacker to compromise floating-point operation integrity or access sensitive information via side-channel analysis. It affects SCONE versions before 5.8.0 running on Intel SGX platforms. Attackers must have local access to the system to exploit this flaw.

💻 Affected Systems

Products:
  • SCONE (Secure CONtainer Environment)
Versions: All versions before 5.8.0
Operating Systems: Linux (specifically those supporting Intel SGX)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel SGX enabled and running SCONE for enclave execution. Requires local access to the host system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of enclave execution integrity leading to data exfiltration, privilege escalation, or cryptographic key leakage through floating-point side-channel attacks.

🟠 Likely Case: Information disclosure through side-channel analysis allowing attackers to infer sensitive data processed within SGX enclaves.

🟢 If Mitigated: Limited impact with proper access controls and monitoring, though residual risk remains if enclaves process highly sensitive data.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers with access to SGX-enabled systems could exploit this to compromise enclave security.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of side-channel analysis techniques. Research papers demonstrate practical exploitation methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.0 and later

Vendor Advisory: https://sconedocs.github.io/release5.7/

Restart Required: Yes

Instructions:

1. Update SCONE to version 5.8.0 or later.
2. Restart all affected enclaves and containers.
3. Verify the update was successful by checking the SCONE version.

🔧 Temporary Workarounds

Disable floating-point operations in sensitive enclaves (Linux)

  • Modify enclave configurations to avoid or minimize floating-point operations that could leak information
  • Modify SCONE configuration files to restrict FPU usage in enclave definitions

Implement additional side-channel protections (Linux)

  • Add runtime protections and monitoring for floating-point operations within enclaves
  • Implement custom monitoring scripts for FPU state changes in enclaves

🧯 If You Can't Patch

  • Restrict local access to SGX-enabled systems to trusted users only
  • Implement strict monitoring and auditing of enclave execution and floating-point operations

🔍 How to Verify

Check if Vulnerable:

Check SCONE version: scone --version. If version is below 5.8.0 and running on Intel SGX, system is vulnerable.

Check Version:

scone --version

Verify Fix Applied:

Verify SCONE version is 5.8.0 or higher: scone --version | grep -E '(^|[^0-9.])(5\.([89]|[1-9][0-9]+)|([6-9]|[1-9][0-9]+)\.[0-9]+)([^0-9]|$)'
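The check against 5.8.0 can also be done by comparing version fields numerically instead of pattern-matching the string, so that releases such as 5.10.x, or a string like 4.5.9, are classified correctly. This is an added example, not SCONE's own tooling: it assumes the version output contains a dotted X.Y or X.Y.Z number, the function names are hypothetical, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: numeric version gate for the fixed release named on this page.
FIXED="5.8.0"

# Print the first dotted version number (X.Y or X.Y.Z) found in the text.
# Assumption: the version tool prints such a number somewhere in its output.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){1,2}' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing each field as an integer.
# Missing fields count as 0, so "5.8" is treated as "5.8.0".
version_ge() {
    have="$1.0.0"; want="$2.0.0"; i=1
    while [ "$i" -le 3 ]; do
        h=$(printf '%s\n' "$have" | cut -d. -f"$i")
        w=$(printf '%s\n' "$want" | cut -d. -f"$i")
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for a version-tool output string.
classify_scone_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_ge "$v" "$FIXED"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample outputs (not captured from a real SCONE installation).
for sample in "scone 5.7.1" "scone 5.8.0" "scone 5.10.2" "lib 4.5.9" "n/a"; do
    printf '%-14s -> %s\n' "$sample" "$(classify_scone_version "$sample")"
done
```

On a host with SCONE installed, pass the real output instead: classify_scone_version "$(scone --version 2>&1)".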

📡 Detection & Monitoring

Log Indicators:

  • Unusual floating-point operation patterns in enclave logs
  • Multiple failed enclave initialization attempts
  • Abnormal FPU state changes in system logs

Network Indicators:

  • Not applicable - local attack only

SIEM Query:

source="enclave_logs" AND ("FPU" OR "floating-point" OR "x87" OR "SSE") AND (status="error" OR "unexpected")
