Multiple vulnerabilities in Google, asylo



Published: 2020-08-12 | Updated: 2020-08-30
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-8904
CVE-2020-8905
CWE-ID CWE-119
CWE-120
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		asylo
/

Vendor Google

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU45854

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8904

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to #BASIC_IMPACT#.

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.

Mitigation

Install update from vendor's website.

Vulnerable software versions

asylo: 0.2.0 - 0.5.3

External links

http://github.com/google/asylo/commit/e582f36ac49ee11a21d23ad6a30c333092e0a94e


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU45855

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8905

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later.

Mitigation

Install update from vendor's website.

Vulnerable software versions

asylo: 0.2.0 - 0.5.3

External links

http://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###