Vulnerabilities > CVE-2021-22549 - Exposure of Resource to Wrong Sphere vulnerability in Google Asylo

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

google

CWE-668

NVD

Published: 2021-06-08

Updated: 2022-10-25

Summary

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

Vulnerable Configurations

Part	Description	Count
Application	Google Google Asylo - Google Asylo 0.2.0 Google Asylo 0.2.1 Google Asylo 0.2.2 Google Asylo 0.3.0 Google Asylo 0.3.1 Google Asylo 0.3.2 Google Asylo 0.3.3 Google Asylo 0.3.4 Google Asylo 0.3.4.1 Google Asylo 0.3.4.2 Google Asylo 0.4.0 Google Asylo 0.4.1 Google Asylo 0.5.0 Google Asylo 0.5.1 Google Asylo 0.5.2 Google Asylo 0.5.3 Google Asylo 0.6.0	18

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://github.com/google/asylo/commit/ecfcd0008b6f8f63c6fa3cc1b62fcd4a52f2c0ad