Headline
CVE-2021-22549: Store untrusted input to enclave variable · google/asylo@ecfcd00
An attacker can modify the address so that it points to trusted memory and thereby overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
@@ -281,12 +281,13 @@ PrimitiveStatus TrustedPrimitives::UntrustedCall(uint64_t untrusted_selector, if (sgx_params->input_size > 0) { // Allocate and copy data to |input_buffer|. sgx_params->input = untrusted_cache->Malloc(sgx_params->input_size); if (!TrustedPrimitives::IsOutsideEnclave(sgx_params->input, sgx_params->input_size)) { const void *input_pointer = sgx_params->input; uint64_t input_size = sgx_params->input_size; if (!TrustedPrimitives::IsOutsideEnclave(input_pointer, input_size)) { TrustedPrimitives::BestEffortAbort( “UntrustedCall: sgx_param input should be in untrusted memory”); } input->Serialize(const_cast<void *>(sgx_params->input)); input->Serialize(const_cast<void *>(input_pointer)); } } sgx_params->output_size = 0;
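Review bot: The length given to `IsOutsideEnclave(input_pointer, input_size)` is still read back from `sgx_params->input_size`, so the range that is validated need not be the range that `input->Serialize(...)` then writes. If `sgx_params` lives in untrusted memory, as the commit message implies for the pointer, the size field can change just as the pointer could. The check should use a length taken from `input` inside the enclave (the accessor is not visible in this hunk) rather than the value re-read from the shared struct, and the `if (sgx_params->input_size > 0)` guard deserves the same treatment. The two new locals would also benefit from a comment such as `// Snapshot into enclave locals: sgx_params is host-writable, so check and use must see the same values.` The body of UntrustedCall starts and ends outside this hunk, so where `sgx_params` is allocated and how `input_size` is first set should be confirmed there.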