CVE-2024-29970
Published: 10 January 2025
Description
Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals.
Security Summary
Fortanix Enclave OS version 3.36.1941-EM is affected by CVE-2024-29970, an interface vulnerability that enables state corruption through injected signals. This flaw, published on 2025-01-10, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
Per the CVSS vector, a remote attacker with network access can exploit the flaw without authentication, privileges, or user interaction; attack complexity is low and scope is unchanged. Successful exploitation leads to state corruption within the enclave, potentially enabling full compromise of the protected environment.
Mitigation details and advisories are referenced in Fortanix's Enclave OS support section at https://support.fortanix.com/hc/en-us/sections/360012461751-Enclave-OS, along with a proof-of-concept at https://github.com/ahoi-attacks/sigy/blob/main/pocs/enclaveos/cve.md. Security practitioners should consult these resources for patching instructions and updates.
Details
- CWE(s)