CVE-2021-36219

9.8 CRITICAL

📋 TL;DR

CVE-2021-36219 is a critical memory corruption vulnerability in SKALE sgxwallet that allows an attacker to free uninitialized stack pointers, potentially compromising the integrity of the SGX enclave. This affects users running sgxwallet versions before v1.77.0. Attackers could chain enclave calls to manipulate memory and potentially execute arbitrary code within the trusted execution environment.

💻 Affected Systems

Products:
  • SKALE sgxwallet
Versions: All versions before v1.77.0 (v1.58.3 is explicitly affected)
Operating Systems: Linux systems with Intel SGX support
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel SGX-capable hardware and Linux environment. The vulnerability is in the trusted ECALL 14 implementation within the enclave.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of SGX enclave integrity leading to arbitrary code execution, private key theft, and full control over cryptographic operations within the secure enclave.

🟠

Likely Case

Enclave memory corruption leading to denial of service, potential information leakage, or partial compromise of cryptographic operations.

🟢

If Mitigated

Limited impact if enclave isolation prevents the memory corruption from affecting the host system, but the integrity of the enclave itself remains compromised.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires chaining multiple enclave calls to prepare stack memory, but no authentication is needed to trigger the vulnerable ECALL.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.77.0 and later

Vendor Advisory: https://github.com/skalenetwork/sgxwallet/releases

Restart Required: Yes

Instructions:

1. Stop the sgxwallet service.
2. Update to v1.77.0 or later from the official SKALE repository.
3. Restart the sgxwallet service.
4. Verify enclave integrity.

🔧 Temporary Workarounds

Disable vulnerable ECALL


Temporarily disable ECALL 14 functionality if not required

# Requires modifying sgxwallet source code to disable ECALL 14

Network isolation


Restrict network access to sgxwallet to trusted sources only

sudo iptables -A INPUT -p tcp --dport [sgxwallet_port] -s [trusted_ip] -j ACCEPT
sudo iptables -A INPUT -p tcp --dport [sgxwallet_port] -j DROP

🧯 If You Can't Patch

  • Isolate sgxwallet instance from untrusted networks and external access
  • Implement additional monitoring for enclave memory access patterns and abnormal behavior

🔍 How to Verify

Check if Vulnerable:

Check the sgxwallet version with sgxwallet --version or by examining the installed package version. If the version is earlier than v1.77.0, the system is vulnerable.

Check Version:

sgxwallet --version

Verify Fix Applied:

Verify sgxwallet version is v1.77.0 or later and test ECALL 14 functionality with controlled inputs.
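The version comparison above, as an added POSIX shell example that is not part of this advisory or of sgxwallet itself: it extracts the first dotted version from whatever `sgxwallet --version` prints and compares it numerically (not lexically) against the fixed release v1.77.0. The exact output format of `sgxwallet --version` is an assumption, so the sample output in the script is constructed.

```shell
#!/bin/sh
# Added example: decide whether an sgxwallet build predates the fix for CVE-2021-36219.
# Assumptions: the fixed release is v1.77.0 (from the advisory); the exact output of
# `sgxwallet --version` is not documented here, so we extract the first x.y[.z] token.
FIXED_VERSION="1.77.0"

# extract_version: print the first dotted version (optional leading "v") found on stdin.
extract_version() {
    grep -oE 'v?[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1 | sed 's/^v//'
}

# version_lt A B: return 0 if A is strictly older than B. Compares three numeric fields;
# a missing field counts as 0 and any pre-release suffix (e.g. "-rc1") is ignored.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/^v//; s/[^0-9.].*$//').0.0
    b=$(printf '%s' "$2" | sed 's/^v//; s/[^0-9.].*$//').0.0
    i=1
    while [ "$i" -le 3 ]; do
        pa=$(printf '%s' "$a" | cut -d. -f"$i")
        pb=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$pa" -lt "$pb" ]; then return 0; fi
        if [ "$pa" -gt "$pb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # versions are equal, so A is not older
}

# is_vulnerable VERSION: return 0 (true) when VERSION is older than the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# report VERSION: human-readable verdict; always returns 0 so it is safe under `set -e`.
report() {
    if is_vulnerable "$1"; then
        echo "sgxwallet $1: VULNERABLE (older than v$FIXED_VERSION), upgrade required"
    else
        echo "sgxwallet $1: not affected by CVE-2021-36219 (v$FIXED_VERSION or later)"
    fi
    return 0
}

# Constructed sample output standing in for `sgxwallet --version` on an unpatched host.
SAMPLE_OUTPUT="sgxwallet version v1.58.3 (sgx sdk 2.12)"
report "$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_version)"
```

On a real host replace the constructed sample with `sgxwallet --version 2>&1 | extract_version`; the numeric comparison matters because a plain string compare would wrongly rank 1.9.x above 1.77.0.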

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid ECALL 14 invocations
  • Enclave memory allocation errors
  • Unexpected enclave termination

Network Indicators:

  • Unusual traffic patterns to sgxwallet port
  • Multiple connection attempts from single source

SIEM Query:

source="sgxwallet.log" AND ("ECALL 14" OR "enclave termination" OR "memory error")

🔗 References