CVE-2021-3543
MEDIUMNitro Enclaves < 5.10.0 - NULL Pointer Dereference via Enclave File Descriptor Closure
Title source: llmDescription
A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1953022
Mailing List x_refsource_misc
https://lore.kernel.org/lkml/20210429165941.27020-2-andraprs%40amazon.com/
Scores
CVSS v3
6.7
EPSS
0.0010
EPSS Percentile
26.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-476
CWE-416
Status
published
Products (3)
fedoraproject/fedora
34
nitro_enclaves_project/nitro_enclaves
< 5.10.0
redhat/enterprise_linux
8.0
Published
Jun 01, 2021
Tracked Since
Feb 18, 2026