CVE-2021-22548: Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall
First published: Mon Mar 29 2021(Updated: )
An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Products | <0.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-22548?
CVE-2021-22548 has a medium severity rating due to the potential for unauthorized memory access.
How do I fix CVE-2021-22548?
To fix CVE-2021-22548, update Google Asylo to version 0.6.2 or later.
What could be the impact of CVE-2021-22548 if exploited?
If exploited, CVE-2021-22548 may allow attackers to read sensitive information from trusted memory regions.
Which versions of Google Asylo are affected by CVE-2021-22548?
CVE-2021-22548 affects Google Asylo versions prior to 0.6.2.
Is there a workaround for CVE-2021-22548?
There is no official workaround for CVE-2021-22548; upgrading to the latest version is recommended.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/remedy
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google products