Huawei Emui and Honor Magic Ui Buffer Overflow Vulnerability

Huawei Emui is an Android-based mobile operating system developed by Huawei of China. Honor Magic Ui is an Android-based mobile operating system developed by Honor of China. Several Huawei and Honor mobile device operating systems are vulnerable to buffer overflow, which can be exploited by...

Huawei Emui 和 Honor Magic Ui 缓冲区错误漏洞

Huawei Emui is an Android-based mobile operating system developed by Huawei of China. Honor Magic Ui is an Android-based mobile operating system developed by Honor of China. Several Huawei and Honor mobile device operating systems are vulnerable to buffer overflow, which can be exploited by...

Exploit for CVE-2021-26943

SmmExploit This is a report and an exploit of CVE-2021-26943...

CVE-2020-8938

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

CVE-2020-8937

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

CVE-2020-8936

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...

CVE-2020-8936

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...

CVE-2020-8938

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

CVE-2020-8937

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

CVE-2020-8935

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecallrestore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecallrestore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

CVE-2020-8938 Arbitrary enclave memory location write from untrusted environment

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

CVE-2020-8938

CVE-2020-8938 affects Asylo up to version 0.6.0, where an arbitrary memory overwrite can occur via a host call to FromkLinuxSockAddr with attacker‑controlled content and size of klinux_addr, allowing memory values to be written from inside the enclave. The issue is documented across multiple sour...

CVE-2020-8937 Arbitrary enclave memory location write from untrusted environment

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

CVE-2020-8937

CVE-2020-8937 affects Asylo versions up to 0.6.0. The vulnerability enables an arbitrary enclave memory overwrite via a host call to enc_untrusted_create_wait_queue that uses a pointer queue relying on UntrustedLocalMemcpy, failing to validate pointer location. This allows memory values to be wri...

CVE-2020-8936

CVE-2020-8936 (Asylo) affects Asylo versions up to 0.6.0. The vulnerability stems from an UntrustedCall buffer range validation failure in sgx_params, allowing a host call to return a pointer to enclave memory. As a result, an attacker could read memory values from within the enclave. No remediat...

CVE-2020-8936 Arbitrary enclave memory overwrite vulnerability in ECall ecall_restore

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...