First published: Tue Dec 15 2020(Updated: )
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Asylo | <=0.6.0 |
Upgrade past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.