PT-2020-20378 · Google · Asylo
Authors: Kang Li +3
Published: 2020-12-15 · Updated: 2020-12-17
CVE: CVE-2020-8940
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Asylo versions up to 0.6.0
Description: An arbitrary memory read in Asylo allows an attacker on the untrusted host side to have enc_untrusted_recvmsg invoked with an attacker-controlled result parameter. The size field of that result is never validated, so the enclave copies as many bytes as the host claims and reads memory outside the intended buffer, including addresses inside the secure enclave.
Recommendations: For Asylo versions up to 0.6.0, upgrade to a build that includes commit fa6485c5d16a7355eab047d4a44345a73bc9131e, or apply that commit, to resolve the issue. As a temporary workaround until the fix can be deployed, restrict use of enc_untrusted_recvmsg so that it is not reachable with untrusted input.
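The pattern behind the bug, as an added illustration that is not Asylo's code: an enclave-side recvmsg wrapper receives from the untrusted host a result (pointer plus length) and copies that many bytes into the caller's buffer. The vulnerable version trusts the host's size and pointer; the hardened version bounds the copy by the caller's capacity and rejects any source range that is not wholly outside enclave memory. The two arenas, the `host_result` struct and the function names are constructed for this example and stand in for the real enclave/host boundary.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not Asylo's code: two fixed arenas stand in for
 * trusted enclave memory and untrusted host memory. */
#define ENCLAVE_SIZE 256
#define HOST_SIZE    256
static unsigned char enclave_mem[ENCLAVE_SIZE] = "ENCLAVE-SECRET-KEY-MATERIAL";
static unsigned char host_mem[HOST_SIZE]       = "hello from the network";

/* What the untrusted host hands back for a recvmsg request: where the
 * received bytes are and how many there are.  Both fields are attacker-
 * controlled; this is the "attacker-controlled result parameter" of the
 * advisory, modelled as a struct. */
struct host_result {
    const unsigned char *data;
    size_t size;
};

/* Does [p, p+len) touch the enclave arena?  Compared as uintptr_t so the
 * check is well defined for pointers into different objects; a length that
 * wraps the address space is treated as unsafe. */
static int touches_enclave(const void *p, size_t len)
{
    uintptr_t a  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)enclave_mem;
    uintptr_t hi = lo + ENCLAVE_SIZE;
    if (len == 0) return 0;
    if (a > UINTPTR_MAX - len) return 1;        /* wraparound */
    return a < hi && a + len > lo;
}

/* Vulnerable pattern: the enclave believes the host's size and pointer and
 * copies that many bytes into the caller's buffer.  A hostile result makes
 * it read past the host buffer, read enclave memory, and write past
 * dst_cap.  Returns the number of bytes copied. */
size_t recvmsg_copy_unchecked(unsigned char *dst, size_t dst_cap,
                              const struct host_result *r)
{
    (void)dst_cap;                              /* never consulted: the bug */
    memcpy(dst, r->data, r->size);
    return r->size;
}

/* Hardened pattern: bound the copy by the caller's capacity and refuse any
 * source range that is not wholly in untrusted memory.  Returns the number
 * of bytes copied, or -1 (copying nothing) when the result is rejected. */
long recvmsg_copy_checked(unsigned char *dst, size_t dst_cap,
                          const struct host_result *r)
{
    if (r->data == NULL) return -1;
    if (r->size > dst_cap) return -1;           /* the missing size check */
    if (touches_enclave(r->data, r->size)) return -1;
    memcpy(dst, r->data, r->size);
    return (long)r->size;
}

/* Drive both versions with one honest and one hostile result.  buf is
 * physically large so the unchecked copy stays in bounds of this demo
 * while still exceeding the 16-byte capacity the caller declared.
 * Returns 1 when the unchecked copy leaked enclave bytes and the checked
 * copy rejected the hostile result but accepted the honest one. */
int demo(void)
{
    unsigned char buf[ENCLAVE_SIZE];
    struct host_result honest  = { host_mem, 22 };
    /* hostile: points into the enclave and asks for more than the
     * caller's 16-byte buffer */
    struct host_result hostile = { enclave_mem, 64 };
    int leaked;

    memset(buf, 0, sizeof buf);
    recvmsg_copy_unchecked(buf, 16, &hostile);
    leaked = memcmp(buf, "ENCLAVE-SECRET", 14) == 0;   /* secret now in buf */

    return leaked
        && recvmsg_copy_checked(buf, 16, &hostile) == -1
        && recvmsg_copy_checked(buf, sizeof buf, &honest) == 22;
}
```

The two checks in `recvmsg_copy_checked` are independent: the size bound alone stops the write past the caller's buffer, and the range check alone stops the enclave from reading its own memory on the host's behalf; a real enclave SDK supplies the latter as an "is outside enclave" primitive, which `touches_enclave` stands in for here.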

Fix: commit fa6485c5d16a7355eab047d4a44345a73bc9131e
Weakness types: Out-of-bounds Read, Buffer Overflow


Related Identifiers: CVE-2020-8940
Affected Products: Asylo