Vulnerability: CVE-2020-8938

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker-controlled content and size of klinux_addr, which allows the attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02.


https://github.com/google/asylo/commit/bda9772e7872b0d2b9bee32930cf7a4983837b39
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8938
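
The defensive pattern for this class of bug, as an added example that is not Asylo's code or its actual fix: a socket address whose content and size both come from the untrusted host is copied once into enclave memory with the length bounded by the destination, and the private copy is then validated against its address family. The names `copy_host_sockaddr` and `try_host_addr` are hypothetical, and the sample input is constructed.

```c
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper, not Asylo's API: bring a host-supplied socket address
 * into enclave memory. Returns 0 on success, -1 if length or family is bad. */
int copy_host_sockaddr(const void *host_addr, size_t host_len,
                       struct sockaddr_storage *out, socklen_t *out_len) {
    struct sockaddr_storage tmp;
    size_t fam_end = offsetof(struct sockaddr, sa_family) + sizeof(sa_family_t);
    int ok;
    if (!host_addr || !out || !out_len) return -1;
    /* Bound the host-claimed size by the destination before copying. */
    if (host_len < fam_end || host_len > sizeof(tmp)) return -1;
    /* Copy once, then validate the private copy, so the host cannot change
     * the family or contents between the check and the use. */
    memset(&tmp, 0, sizeof(tmp));
    memcpy(&tmp, host_addr, host_len);

    switch (tmp.ss_family) {
    case AF_INET:  ok = host_len == sizeof(struct sockaddr_in);  break;
    case AF_INET6: ok = host_len == sizeof(struct sockaddr_in6); break;
    case AF_UNIX:  /* path may be shorter than sun_path, never longer */
        ok = host_len > offsetof(struct sockaddr_un, sun_path) &&
             host_len <= sizeof(struct sockaddr_un);
        break;
    default: ok = 0; /* unknown family: reject instead of guessing a size */
    }
    if (!ok) return -1;
    *out = tmp;
    *out_len = (socklen_t)host_len;
    return 0;
}

/* Constructed input: a zeroed host buffer claiming `family` and `len` bytes. */
int try_host_addr(sa_family_t family, size_t len) {
    unsigned char host[256] = {0};
    struct sockaddr_storage out; socklen_t out_len = 0;
    memcpy(host + offsetof(struct sockaddr, sa_family), &family, sizeof(family));
    return copy_host_sockaddr(host, len, &out, &out_len);
}

int main(void) {
    printf("inet exact size: %d, inet oversized: %d\n",
           try_host_addr(AF_INET, sizeof(struct sockaddr_in)),
           try_host_addr(AF_INET, 4096));
    return 0;
}
```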

