CVE-2021-22548 Vulnerability Details


CVE-2021-22548 Metadata Quick Info

CVE Published: 08/06/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: Google | Vendor: Google LLC | Product: Asylo
Status: PUBLISHED

CVE-2021-22548 Description

An attacker can change a pointer to untrusted memory so that it points to a trusted memory region, which causes trusted memory to be copied to trusted memory. If the latter is later copied out, this allows memory regions to be read from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Exploitability Metrics:
    Attack Vector (AV): LOCAL
    Attack Complexity (AC): HIGH
    Privileges Required (PR): LOW
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-788
CWE Name: CWE-788 Access of Memory Location After End of Buffer
Source: Google LLC


Source: NVD (National Vulnerability Database).