Lucene search

GoogleCVELIST:CVE-2020-8944

HistoryDec 15, 2020 - 2:55 p.m.

CVE-2020-8944 Unchecked buffer overrun in ecall_restore

2020-12-1514:55:39

CWE-120

Google

www.cve.org

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a

CNA Affected

[
  {
    "product": "Asylo",
    "vendor": "Google LLC",
    "versions": [
      {
        "lessThanOrEqual": "0.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/google/asylo/commit/382da2b8b09cbf928668a2445efb778f76bd9c8a

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2020-8944