CVE-2021-44421

Published March 10th, 2022

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

2.1

LOW

Affected

PROJECT

Description

The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.

occlum/occlum

Occlum is a memory-safe, multi-process library OS for Intel SGX

GitHub

1.52K