{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T03:48:10.284","vulnerabilities":[{"cve":{"id":"CVE-2021-22552","sourceIdentifier":"cve-coordination@google.com","published":"2021-08-02T16:15:07.817","lastModified":"2024-11-21T05:50:19.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"},{"lang":"es","value":"Una vulnerabilidad de lectura de memoria no confiable en Asylo versiones hasta 0.6.1, permite a un atacante no confiable pasar un número de syscall en MessageReader que luego es usado por la función sysno() y puede omitir una comprobación. Esto puede permitir al atacante leer la memoria desde el enclave seguro. Recomendamos actualizar a Asylo versión 0.6.3 o a versión anterior https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a"}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-126"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6.1","matchCriteriaId":"D3DBB15C-13B3-4E86-837A-C297F290AED4"}]}]}],"references":[{"url":"https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a","source":"cve-coordination@google.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}