CVE-2021-22548

CWE-7883 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 95.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google AsyloGoogle LLC Asylo
Timeline
PublishedJun 8
Latest updateMay 24

Description

An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 1.0 | Impact: 5.5

Affected Packages2 packages

NVDgoogle/asylo< 0.6.2
CVEListV5google_llc/asylounspecified0.6.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-j42g-3m6p-674j: An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the2022-05-24
CVEList
Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall2021-06-08
CVE-2021-22548 (HIGH CVSS 7.8) | An attacker can change the pointer | cvebase.io