Vulnerability Details CVE-2020-8944
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 2.1
References
Products affected by CVE-2020-8944
-
cpe:2.3:a:google:asylo:-
-
cpe:2.3:a:google:asylo:0.2.0
-
cpe:2.3:a:google:asylo:0.2.1
-
cpe:2.3:a:google:asylo:0.2.2
-
cpe:2.3:a:google:asylo:0.3.0
-
cpe:2.3:a:google:asylo:0.3.1
-
cpe:2.3:a:google:asylo:0.3.2
-
cpe:2.3:a:google:asylo:0.3.3
-
cpe:2.3:a:google:asylo:0.3.4
-
cpe:2.3:a:google:asylo:0.3.4.1
-
cpe:2.3:a:google:asylo:0.3.4.2
-
cpe:2.3:a:google:asylo:0.4.0
-
cpe:2.3:a:google:asylo:0.4.1
-
cpe:2.3:a:google:asylo:0.5.0
-
cpe:2.3:a:google:asylo:0.5.1
-
cpe:2.3:a:google:asylo:0.5.2
-
cpe:2.3:a:google:asylo:0.5.3
-
cpe:2.3:a:google:asylo:0.6.0