Sudo Heap-Based Buffer Overflow

A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations...

Huawei Emui and Honor Magic Ui Buffer Overflow Vulnerability

Huawei Emui is an Android-based mobile operating system developed by Huawei of China. Honor Magic Ui is an Android-based mobile operating system developed by Honor of China. Several Huawei and Honor mobile device operating systems are vulnerable to buffer overflow, which can be exploited by...

Huawei Emui 和 Honor Magic Ui 缓冲区错误漏洞

Huawei Emui is an Android-based mobile operating system developed by Huawei of China. Honor Magic Ui is an Android-based mobile operating system developed by Honor of China. Several Huawei and Honor mobile device operating systems are vulnerable to buffer overflow, which can be exploited by...

Exploit for CVE-2021-26943

SmmExploit This is a report and an exploit of CVE-2021-26943...

CVE-2020-8938

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

CVE-2020-8937

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

CVE-2020-8936

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...

CVE-2020-8936

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...

CVE-2020-8938

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

CVE-2020-8937

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

CVE-2020-8935

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecallrestore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecallrestore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library...

CVE-2020-8938

CVE-2020-8938 affects Asylo up to version 0.6.0, where an arbitrary memory overwrite can occur via a host call to FromkLinuxSockAddr with attacker‑controlled content and size of klinux_addr, allowing memory values to be written from inside the enclave. The issue is documented across multiple sour...

CVE-2020-8938 Arbitrary enclave memory location write from untrusted environment

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinuxaddr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commi...

CVE-2020-8937

CVE-2020-8937 affects Asylo versions up to 0.6.0. The vulnerability enables an arbitrary enclave memory overwrite via a host call to enc_untrusted_create_wait_queue that uses a pointer queue relying on UntrustedLocalMemcpy, failing to validate pointer location. This allows memory values to be wri...

CVE-2020-8937 Arbitrary enclave memory location write from untrusted environment

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to encuntrustedcreatewaitqueue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

CVE-2020-8936 Arbitrary enclave memory overwrite vulnerability in ECall ecall_restore

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...