Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall
CVE-2021-22548

6.5MEDIUM

Key Information:

Vendor: Google
Status: Asylo
Vendor: CVE Published:; 8 June 2021

Summary

An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

Affected Version(s)

Asylo <= 0.6.2

References

https://github.com/google/asylo/commit/53ed5d8fd8118ced14...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2021
Vulnerability Reserved
Jan 5, 2021

Collectors

NVD DatabaseMitre Database

Credit

Qinkun Bao (Baidu Security)

Zhaofeng Chen (Baidu Security)

Mingshen Sun (Baidu Security)

Kang Li (Baidu Security)