Chong Cai

16 exploits Active since Aug 2020
CVE-2020-8904 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Arbitrary Memory Overwrite via ecall_restore Output Length Validation
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
CVSS 6.4
CVE-2020-8905 WRITEUP LOW WRITEUP
Asylo < 0.6.0 - Buffer Overflow via enc_untrusted_recvfrom MessageReader Deserialization
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later.
CVSS 2.8
CVE-2020-8935 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Arbitrary Memory Overwrite via Ecall_restore Function
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.
CVSS 5.3
CVE-2020-8936 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Out-of-bounds Read via UntrustedCall Host Call
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.
CVSS 5.3
CVE-2020-8937 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Arbitrary Memory Overwrite via UntrustedLocalMemcpy in enc_untrusted_create_wait_queue
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02
CVSS 5.3
CVE-2020-8938 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Arbitrary Memory Overwrite via FromkLinuxSockAddr Host Call
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02
CVSS 5.3
CVE-2020-8939 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Out-of-bounds Read in enc_untrusted_inet_ntop
An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4
CVSS 5.3
CVE-2020-8940 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Unauthenticated Arbitrary Memory Read via enc_untrusted_recvmsg
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading or past commit fa6485c5d16a7355eab047d4a44345a73bc9131e
CVSS 5.3
CVE-2020-8941 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Unauthenticated Out-of-bounds Read via enc_untrusted_inet_pton
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 8fed5e334131abaf9c5e17307642fbf6ce4a57ec
CVSS 5.3
CVE-2020-8942 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Unauthenticated Arbitrary Memory Read via enc_untrusted_read
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit b1d120a2c7d7446d2cc58d517e20a1b184b82200
CVSS 5.3
CVE-2020-8943 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Unauthenticated Out-of-bounds Read via enc_untrusted_recvfrom
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f
CVSS 5.3
CVE-2020-8944 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.0 - Arbitrary Memory Write via ecall_restore Pointer Range Check Bypass
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a
CVSS 5.3
CVE-2021-22548 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.2 - Memory Corruption via Trusted Memory Pointer Manipulation
An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
CVSS 6.5
CVE-2021-22549 WRITEUP MEDIUM WRITEUP
Google Asylo < 0.6.2 - Arbitrary Trusted Memory Overwrite via Out-of-range Pointer Offset
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
CVSS 6.5
CVE-2021-22550 WRITEUP MEDIUM WRITEUP
Google Asylo <0.6.3 - Memory Corruption
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c
CVSS 6.5
CVE-2021-22552 WRITEUP MEDIUM WRITEUP
Asylo < 0.6.1 - Unauthenticated Out-of-bounds Read via MessageReader Syscall Validation Bypass
An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a
CVSS 5.3