3 matches found
CVE-2020-15107
CVE-2020-15107 affects OpenEnclave up to version 0.10.0: enclaves performing x87 FPU operations can be tampered by a malicious host app that violates the Linux SYSV ABI, compromising execution integrity and enabling potential side-channel attacks depending on FPU config. The issue has been fixed ...
CVE-2020-15224
CVE-2020-15224 : Open Enclave before 0.12.0 has an information disclosure vulnerability when an enclave application uses socket-related syscalls (sockets.edl) loaded by a malicious host. An attacker who logs in and runs a crafted application could read privileged data from the enclave heap across...
CVE-2023-37479
Open Enclave SDK before 0.19.3 is affected by two issues: MXCSR not sanitized on enclave entry, enabling MXCSR Configuration Dependent Timing (MCDT) attacks, and RFLAGS.AC not sanitized, enabling a side-channel that reveals unaligned memory accesses. The guidance indicates these have been address...