{"api_version":"1","generated_at":"2026-04-23T02:37:19+00:00","cve":"CVE-2021-22552","urls":{"html":"https://cve.report/CVE-2021-22552","api":"https://cve.report/api/cve/CVE-2021-22552.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22552","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22552"},"summary":{"title":"CVE-2021-22552","description":"An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a","state":"PUBLIC","assigner":"security@google.com","published_at":"2021-08-02 16:15:00","updated_at":"2021-08-10 19:51:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a","name":"https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a","refsource":"MISC","tags":[],"title":"Add sysno check in MessageReader · google/asylo@90d7619 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22552","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22552","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Qinkun Bao (Baidu Security)","lang":""},{"source":"LEGACY","value":"Zhaofeng Chen (Baidu Security)","lang":""},{"source":"LEGACY","value":"Mingshen Sun (Baidu Security)","lang":""},{"source":"LEGACY","value":"Kang Li (Baidu Security)","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"22552","vulnerable":"1","versionEndIncluding":"0.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"asylo","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@google.com","DATE_PUBLIC":"2021-06-03T10:00:00.000Z","ID":"CVE-2021-22552","STATE":"PUBLIC","TITLE":"Memory overread secure enclave in Asylo 0.6.2"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Asylo","version":{"version_data":[{"version_affected":"<=","version_value":"0.6.2"}]}}]},"vendor_name":"Google LLC"}]}},"credit":[{"lang":"eng","value":"Qinkun Bao (Baidu Security)"},{"lang":"eng","value":"Zhaofeng Chen (Baidu Security)"},{"lang":"eng","value":"Mingshen Sun (Baidu Security)"},{"lang":"eng","value":"Kang Li (Baidu Security)"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-126 Buffer Over-read"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a","name":"https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-08-02 16:15:00","lastModifiedDate":"2021-08-10 19:51:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22552","Ordinal":"197257","Title":"CVE-2021-22552","CVE":"CVE-2021-22552","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22552","Ordinal":"1","NoteData":"An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22552","Ordinal":"2","NoteData":"2021-08-02","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22552","Ordinal":"3","NoteData":"2021-08-02","Type":"Other","Title":"Modified"}]}}}