CVE-2021-22552
Summary
| CVE | CVE-2021-22552 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-02 16:15:00 UTC |
| Updated | 2021-08-10 19:51:00 UTC |
| Description | An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Add sysno check in MessageReader · google/asylo@90d7619 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Qinkun Bao (Baidu Security)
LEGACY: Zhaofeng Chen (Baidu Security)
LEGACY: Mingshen Sun (Baidu Security)
LEGACY: Kang Li (Baidu Security)
There are currently no legacy QID mappings associated with this CVE.