An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted malicious user to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the malicious user to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google asylo |