CVE-2021-22550 MEDIUM

CVE-2021-22550: Enclave memory overwrite/overread vulnerability in Asylo UntrustedCacheMalloc::GetBuffer

Vendor Google Llc
Product Asylo
Weakness CWE-823
Published June 8, 2021
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c

Key dates

02 Disclosure timeline

June 8, 2021 CVE published
September 16, 2024 Record updated