Arbitrary enclave memory overwrite vulnerability in Asylo TrustedPrimitives::UntrustedCall
CVE-2021-22549
6.5 MEDIUM
Summary
An attacker can modify the address so that it points to trusted memory, which allows arbitrary trusted memory to be overwritten. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
Affected Version(s)
Asylo <= 0.6.2
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database
Mitre Database
Credit
Qinkun Bao (Baidu Security)
Zhaofeng Chen (Baidu Security)
Mingshen Sun (Baidu Security)
Kang Li (Baidu Security)