← Voltar para CVEs
CVE-2020-8944
MEDIUM5.3
Descricao
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado12/15/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
google:asylo
Fraquezas (CWE)
CWE-120CWE-787
Referencias
https://github.com/google/asylo/commit/382da2b8b09cbf928668a2445efb778f76bd9c8a(cve-coordination@google.com)
https://github.com/google/asylo/commit/382da2b8b09cbf928668a2445efb778f76bd9c8a(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.