Vulnerabilities > CVE-2021-44421 - Information Exposure Through Discrepancy vulnerability in Occlum Project Occlum

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

occlum-project

CWE-203

NVD

Published: 2022-03-10

Updated: 2022-03-15

Summary

The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.

Vulnerable Configurations

Part	Description	Count
Application	Occlum_Project Occlum Project Occlum - Occlum Project Occlum 0.5.0 Occlum Project Occlum 0.6.0 Occlum Project Occlum 0.7.0 Occlum Project Occlum 0.8.0 Occlum Project Occlum 0.9.0 Occlum Project Occlum 0.10.0 Occlum Project Occlum 0.11.0 Occlum Project Occlum 0.12.0 Occlum Project Occlum 0.12.1 Occlum Project Occlum 0.12.2 Occlum Project Occlum 0.13.0 Occlum Project Occlum 0.13.1 Occlum Project Occlum 0.14.0 Occlum Project Occlum 0.15.0 Occlum Project Occlum 0.15.1 Occlum Project Occlum 0.16.0 Occlum Project Occlum 0.17.0 Occlum Project Occlum 0.18.0 Occlum Project Occlum 0.18.1 Occlum Project Occlum 0.19.0 Occlum Project Occlum 0.19.1 Occlum Project Occlum 0.20.0 Occlum Project Occlum 0.21.0 Occlum Project Occlum 0.22.0 Occlum Project Occlum 0.23.0 Occlum Project Occlum 0.23.1 Occlum Project Occlum 0.23.2 Occlum Project Occlum 0.23.3 Occlum Project Occlum 0.23.4 Occlum Project Occlum 0.23.5 Occlum Project Occlum 0.23.6 Occlum Project Occlum 0.23.7 Occlum Project Occlum 0.24.0 Occlum Project Occlum 0.24.1 Occlum Project Occlum 0.24.2 Occlum Project Occlum 0.25.0	37

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References