CVE-2021-22549 MEDIUM

CVE-2021-22549: Arbitrary enclave memory overwrite vulnerability in Asylo TrustedPrimitives::UntrustedCall

Vendor Google LLC
Product Asylo
Weakness CWE-823
Published June 8, 2021
Last update September 17, 2024

CVSS base score

6.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

An attacker can modify the address to point to trusted memory and thereby overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

Key dates

02 Disclosure timeline

June 8, 2021 CVE published
September 17, 2024 Record updated