Every CVE whose affected-product data names Google Asylo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2021-22548 — CVSS 6.5 (medium): An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted…
CVE-2021-22549 — CVSS 6.5 (medium): An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2…
CVE-2021-22550 — CVSS 6.5 (medium): An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended…
CVE-2020-8904 — CVSS 6.4 (medium): An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function…
CVE-2020-8938 — CVSS 5.3 (medium): An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with…
CVE-2020-8939 — CVSS 5.3 (medium): An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read…
CVE-2020-8940 — CVSS 5.3 (medium): An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg…
CVE-2020-8941 — CVSS 5.3 (medium): An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton…
CVE-2020-8942 — CVSS 5.3 (medium): An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read…
CVE-2020-8943 — CVSS 5.3 (medium): An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom…
CVE-2020-8944 — CVSS 5.3 (medium): An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using…
CVE-2021-22552 — CVSS 5.3 (medium): An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader…
CVE-2020-8935 — CVSS 5.3 (medium): An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to…
CVE-2020-8936 — CVSS 5.3 (medium): An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall…
CVE-2020-8937 — CVSS 5.3 (medium): An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wai…
CVE-2020-8905 — CVSS 2.8 (low): A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to…