### Summary:

A potential security vulnerability in the Crypto API Toolkit for Intel® SGX (Software Guard Extensions) may allow escalation of privilege. Intel is releasing toolkit updates to mitigate these potential vulnerabilities.

### Vulnerability Details:

CVEID: [CVE-2022-21163]()

Description: Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.4 High

CVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N]()

****

### Affected Products:

Crypto API Toolkit for Intel® SGX before version 2.0 commit ID 91ee496.

### Recommendations:

Intel recommends updating Crypto API Toolkit for Intel® SGX to version 2.0 commit ID 91ee496 or later.

Updates are available for download at this location:

### Acknowledgements:

Intel would like to thank Sankaranarayanan Venkatasubramanian for reporting this issue.****

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.Read More