CVE Published: 08/06/2021
CVE Updated: 16/09/2024
CVE Year: 2021
Source: Google
Vendor: Google LLC
Product: Asylo
Status: PUBLISHED
CVE-2021-22550 Description
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c
Metrics
CVSS Version: 3.1
Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Exploitability Metrics: Attack Vector (AV): LOCAL; Attack Complexity (AC): HIGH; Privileges Required (PR): LOW; User Interaction (UI): NONE; Scope (S): UNCHANGED
Impact Metrics: Confidentiality Impact (C): HIGH; Integrity Impact (I): HIGH; Availability Impact (A): LOW
Weakness Enumeration (CWE)
CWE-ID: CWE-823
CWE Name: CWE-823 Use of Out-of-range Pointer Offset
Source: Google LLC
Common Attack Pattern Enumeration and Classification (CAPEC)