CVE-2020-15107

Name of the Vulnerable Software and Affected Versions openenclave versions prior to 0.10.0

Description The issue affects enclaves that use x87 FPU operations, making them vulnerable to tampering by a malicious host application. This is due to the violation of the Linux System V Application Binary Interface (ABI) for such operations, allowing a host app to compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this may also be used to mount a side-channel attack on the enclave.

Recommendations For versions prior to 0.10.0, users will need to recompile their applications against the patched libraries to be protected from this issue. As a temporary workaround, consider restricting the use of x87 FPU operations in enclaves until a patch is applied.