PT-2021-15138 · Google · Asylo
Kang Li +4 · Published 2021-06-08 · Updated 2021-06-22
CVE-2021-22550
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Asylo versions prior to 0.6.3
Description
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave.
Recommendations
Update to a version past 0.6.3 or apply the changes from the git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c to mitigate the issue.
Fix
Exposure of Resource to Wrong Sphere
Affected Products
Asylo