PT-2021-15137 · Google · Asylo
Kang Li
+4
·
Published
2021-06-08
·
Updated
2022-10-25
·
CVE-2021-22549
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Asylo versions prior to 0.6.2
Description
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory.
Recommendations
For Asylo versions prior to 0.6.2, update past 0.6.2 or apply the git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c.
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Asylo