19 matches found
EUVD-2020-29775
Malware in sbrugna...
EUVD-2020-29766
Malware in sbrugna...
EUVD-2020-29769
Malware in sbrugna...
EUVD-2020-29768
Malware in sbrugna...
EUVD-2020-29774
Malware in sbrugna...
EUVD-2021-9693
Malicious code in bioql PyPI...
CVE-2020-8942
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedread whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the...
CVE-2020-8944
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecallrestore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within...
CVE-2020-8941
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedinetpton using an attacker controlled klinuxaddrbuffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended...
CVE-2020-8937
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...
CVE-2020-8940
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedrecvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size...
CVE-2020-8935
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecallrestore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library...
CVE-2020-8936
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...
Input validation
An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asy...
PT-2021-15137 · Google · Asylo
Name of the Vulnerable Software and Affected Versions: Asylo versions prior to 0.6.2 Description: An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. Recommendations: For Asylo versions prior to 0.6.2, update past 0.6.2 or apply the git commit...
Memory corruption
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedinetpton using an attacker controlled klinuxaddrbuffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended...
Memory corruption
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecallrestore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within...
Memory corruption
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedread whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the...
Google Asylo Buffer Error Vulnerability
Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Google Asylo version 0.6.0 and...