CVE-2021-22552: Memory overread secure enclave in Asylo 0.6.2
First published: Mon Aug 02 2021(Updated: )
An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Products | <=0.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-22552?
CVE-2021-22552 is classified as a high severity vulnerability due to the potential for untrusted memory reads from within secure enclaves.
How do I fix CVE-2021-22552?
To mitigate CVE-2021-22552, upgrade Asylo to version 0.6.2 or later where the vulnerability is addressed.
What versions of Asylo are affected by CVE-2021-22552?
CVE-2021-22552 affects all versions of Asylo up to and including 0.6.1.
What type of attack is possible with CVE-2021-22552?
An attacker exploiting CVE-2021-22552 can potentially read sensitive memory from a secure enclave.
Who is impacted by CVE-2021-22552?
Users and organizations using affected versions of Google Asylo are at risk from CVE-2021-22552.
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/author
- agent/title
- agent/severity
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google products
- version/google products/0.6.1