Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU45854
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8904
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to #BASIC_IMPACT#.
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
MitigationInstall update from vendor's website.
Vulnerable software versionsasylo: 0.2.0 - 0.5.3
External linkshttp://github.com/google/asylo/commit/e582f36ac49ee11a21d23ad6a30c333092e0a94e
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45855
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8905
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later.
MitigationInstall update from vendor's website.
Vulnerable software versionsasylo: 0.2.0 - 0.5.3
External linkshttp://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.