CVE-2021-3543Use After Free in Enclaves Project Nitro Enclaves

CWE-416Use After FreeCWE-476NULL Pointer Dereference9 documents6 sources
Severity
6.7MEDIUMNVD
OSV3.5
EPSS
0.1%
top 73.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelNitro Enclaves Project Nitro EnclavesDebian Linux+2 more
Timeline
PublishedJun 1
Latest updateMay 24

Description

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

Debianlinux/linux_kernel< 5.10.38-1+3
debiandebian/linux< linux 5.10.38-1 (bookworm)

Also affects: Fedora 34, Enterprise Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-5rp3-9frh-m3wx: A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descrip2022-05-24
OSV
linux-oem-5.10 vulnerabilities2021-06-23
OSV
CVE-2021-3543: A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descrip2021-06-01

📋Vendor Advisories

5
Ubuntu
Linux kernel (KVM) vulnerabilities2021-06-25
Ubuntu
Linux kernel (OEM) vulnerabilities2021-06-23
Ubuntu
Linux kernel vulnerabilities2021-06-23
Red Hat
kernel: nitro_enclaves stale file descriptors on failed usercopy2021-04-29
Debian
CVE-2021-3543: linux - A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in...2021
CVE-2021-3543 — Use After Free | cvebase