Security Advisory

CVE-2020-8904

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-08-12 18:20:13

Last updated 2024-09-16 23:21:07

Assigner Google

State PUBLISHED

Description

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.

← Browse all CVEs View on cve.org ↗