cnvd - cnvd-2022-20548

CNVD-2022-20548

Vulnerability from cnvd - Published: 2022-03-18

Title

Google Asylo内存读取漏洞

Description

Google Asylo是美国谷歌（Google）公司的一个用于开发可信应用程序的框架。该软件支持创建一个可信任的执行环境，包括软件隔离和硬件隔离。 Google Asylo在0.6.1版本存在内存读取漏洞漏洞，该漏洞允许不受信任的攻击者可以在MessageReader中传递syscall号码，然后由sysno()使用并可以绕过验证。攻击者能够从安全enclave中读取内存。

Severity

低

Patch Name

Google Asylo内存读取漏洞的补丁

Patch Description

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新：https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a

Reference

https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a

Impacted products

Name
Google Google asylo 0.6.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22552",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22552"
    }
  },
  "description": "Google Asylo\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u5f00\u53d1\u53ef\u4fe1\u5e94\u7528\u7a0b\u5e8f\u7684\u6846\u67b6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u521b\u5efa\u4e00\u4e2a\u53ef\u4fe1\u4efb\u7684\u6267\u884c\u73af\u5883\uff0c\u5305\u62ec\u8f6f\u4ef6\u9694\u79bb\u548c\u786c\u4ef6\u9694\u79bb\u3002\n\nGoogle Asylo\u57280.6.1\u7248\u672c\u5b58\u5728\u5185\u5b58\u8bfb\u53d6\u6f0f\u6d1e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u4e0d\u53d7\u4fe1\u4efb\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5728MessageReader\u4e2d\u4f20\u9012syscall\u53f7\u7801\uff0c\u7136\u540e\u7531sysno()\u4f7f\u7528\u5e76\u53ef\u4ee5\u7ed5\u8fc7\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u80fd\u591f\u4ece\u5b89\u5168enclave\u4e2d\u8bfb\u53d6\u5185\u5b58\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1ahttps://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-20548",
  "openTime": "2022-03-18",
  "patchDescription": "Google Asylo\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u5f00\u53d1\u53ef\u4fe1\u5e94\u7528\u7a0b\u5e8f\u7684\u6846\u67b6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u521b\u5efa\u4e00\u4e2a\u53ef\u4fe1\u4efb\u7684\u6267\u884c\u73af\u5883\uff0c\u5305\u62ec\u8f6f\u4ef6\u9694\u79bb\u548c\u786c\u4ef6\u9694\u79bb\u3002\r\n\r\nGoogle Asylo\u57280.6.1\u7248\u672c\u5b58\u5728\u5185\u5b58\u8bfb\u53d6\u6f0f\u6d1e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u4e0d\u53d7\u4fe1\u4efb\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5728MessageReader\u4e2d\u4f20\u9012syscall\u53f7\u7801\uff0c\u7136\u540e\u7531sysno()\u4f7f\u7528\u5e76\u53ef\u4ee5\u7ed5\u8fc7\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u80fd\u591f\u4ece\u5b89\u5168enclave\u4e2d\u8bfb\u53d6\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Asylo\u5185\u5b58\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Google asylo 0.6.1"
  },
  "referenceLink": "https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a",
  "serverity": "\u4f4e",
  "submitTime": "2021-08-05",
  "title": "Google Asylo\u5185\u5b58\u8bfb\u53d6\u6f0f\u6d1e"
}

CVE-2021-22552 (GCVE-0-2021-22552)

Vulnerability from cvelistv5 – Published: 2021-08-02 15:40 – Updated: 2024-09-17 01:40

Summary

An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-126 - Buffer Over-read

Assigner

Google

References

URL

Tags

https://github.com/google/asylo/commit/90d7619e9d…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Google LLC	Asylo	Affected: unspecified , ≤ 0.6.2 (custom)

Credits

Qinkun Bao (Baidu Security) Zhaofeng Chen (Baidu Security) Mingshen Sun (Baidu Security) Kang Li (Baidu Security)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:44:14.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Asylo",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThanOrEqual": "0.6.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Qinkun Bao (Baidu Security)"
        },
        {
          "lang": "en",
          "value": "Zhaofeng Chen (Baidu Security)"
        },
        {
          "lang": "en",
          "value": "Mingshen Sun (Baidu Security)"
        },
        {
          "lang": "en",
          "value": "Kang Li (Baidu Security)"
        }
      ],
      "datePublic": "2021-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-02T15:40:10",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Memory overread secure enclave in Asylo 0.6.2",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "DATE_PUBLIC": "2021-06-03T10:00:00.000Z",
          "ID": "CVE-2021-22552",
          "STATE": "PUBLIC",
          "TITLE": "Memory overread secure enclave in Asylo 0.6.2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Asylo",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "0.6.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Qinkun Bao (Baidu Security)"
          },
          {
            "lang": "eng",
            "value": "Zhaofeng Chen (Baidu Security)"
          },
          {
            "lang": "eng",
            "value": "Mingshen Sun (Baidu Security)"
          },
          {
            "lang": "eng",
            "value": "Kang Li (Baidu Security)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-126 Buffer Over-read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a",
              "refsource": "MISC",
              "url": "https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2021-22552",
    "datePublished": "2021-08-02T15:40:10.426091Z",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-09-17T01:40:58.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-20548

CVE-2021-22552 (GCVE-0-2021-22552)

Tags

Sightings

Nomenclature