An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02
References
Link | Resource |
---|---|
https://github.com/google/asylo/commit/bda9772e7872b0d2b9bee32930cf7a4983837b39 | Patch Third Party Advisory |
Configurations
Information
Published : 2020-12-15 07:15
Updated : 2020-12-17 07:22
NVD link : CVE-2020-8938
Mitre link : CVE-2020-8938
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
- asylo