← Zuruck zu CVEs
CVE-2020-8944
MEDIUM5.3
Beschreibung
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht12/15/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
google:asylo
Schwachen (CWE)
CWE-120CWE-787
Referenzen
https://github.com/google/asylo/commit/382da2b8b09cbf928668a2445efb778f76bd9c8a(cve-coordination@google.com)
https://github.com/google/asylo/commit/382da2b8b09cbf928668a2445efb778f76bd9c8a(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.