Vulnerability Details : CVE-2021-22548
An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
Products affected by CVE-2021-22548
- cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-22548
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-22548
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
1.0
|
5.5
|
Google Inc. | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-22548
-
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.Assigned by: cve-coordination@google.com (Secondary)
References for CVE-2021-22548
-
https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
Store untrusted output pointer in enclave · google/asylo@53ed5d8 · GitHubPatch;Third Party Advisory
Jump to