CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-3543

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.2%

CVSS Severity

CVSS v3 Score 6.7

CVSS v2 Score 7.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=1953022
https://lore.kernel.org/lkml/20210429165941.27020-2-andraprs%40amazon.com/
https://bugzilla.redhat.com/show_bug.cgi?id=1953022
https://lore.kernel.org/lkml/20210429165941.27020-2-andraprs%40amazon.com/

Products affected by CVE-2021-3543

Nitro Enclaves Project » Nitro Enclaves » Version: Any

cpe:2.3:a:nitro_enclaves_project:nitro_enclaves:*
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3543

Products

Pricing

Contact Us