First published: Tue Dec 15 2020
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Asylo | <=0.6.0 | Upgrade past commit 83036fd841d33baa7e039f842d131aa7881fdcc2 |