CVE-2020-8935 MEDIUM

CVE-2020-8935

Vendor Google Llc
Product Asylo
Published December 15, 2020
Last update August 4, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.

Key dates

02Disclosure timeline

December 15, 2020 CVE published
August 4, 2024 Record updated