ID CVE-2021-3543
Summary A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
References
Vulnerable Configurations
  • cpe:2.3:a:nitro_enclaves_project:nitro_enclaves:*:*:*:*:*:*:*:*
    cpe:2.3:a:nitro_enclaves_project:nitro_enclaves:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 11-06-2021 - 19:14)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
Last major update 11-06-2021 - 19:14
Published 01-06-2021 - 14:15
Last modified 11-06-2021 - 19:14
Back to Top