Another type of vulnerabilities is uninitialized memory that may allow untrusted host (i.e., the OS) to infer the data inside an enclave.
This video shows how the SGX-Bleed problem leaks uninitialized SGX memory via structure padding.
{% embed url="https://youtu.be/Cd-o\_wV4iGk" %}