Arbitrary trusted memory overwrite vulnerability in Asylo
Description
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Asylo's ecall_restore function lacks validation of the output_len pointer, allowing an attacker to overwrite arbitrary enclave memory.
Vulnerability
The vulnerability resides in the ecall_restore function within Asylo's SGX primitives (under asylo/platform/primitives/sgx) in versions prior to 0.6.0. The function fails to validate that the output_len pointer points to untrusted memory outside the enclave. This omission allows an attacker to supply a crafted output_len pointer that, when dereferenced, leads to an arbitrary memory overwrite inside the trusted enclave memory. All versions before 0.6.0 are affected.
Exploitation
An attacker must be able to invoke the ecall_restore ECALL from untrusted code with controlled input, input_len, output, and output_len pointers. No authentication or special privileges are required beyond the ability to communicate with the enclave. The attacker sets output_len to point to a desired location within enclave memory. The function then writes the actual output length to that location, overwriting arbitrary trusted memory.
Impact
Successful exploitation allows an attacker to overwrite arbitrary memory inside the enclave. This can corrupt enclave state, potentially leading to arbitrary code execution within the enclave or leakage of sensitive data. The compromise affects the confidentiality, integrity, and availability of the trusted execution environment.
Mitigation
The fix was introduced in commit e582f36 [1], which adds an IsOutsideEnclave check for the output_len pointer. Users should update to Asylo version 0.6.0 or later, which includes this fix. No workaround is available for earlier versions. The repository has been archived, but the 0.6.0 release contains the patch.
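The class of check described above, as an added example that is not Asylo's code or the contents of commit e582f36. It assumes a static buffer standing in for the enclave address range; is_outside_enclave, restore_unchecked and restore_checked are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed model: this buffer stands in for the enclave's address range.
alignas(16) static unsigned char g_enclave[4096];

// Hypothetical stand-in for an IsOutsideEnclave-style check: true only when
// [ptr, ptr + size) lies entirely outside the modeled enclave range.
bool is_outside_enclave(const void *ptr, size_t size) {
  if (ptr == nullptr) return false;
  uintptr_t start = reinterpret_cast<uintptr_t>(ptr);
  uintptr_t base = reinterpret_cast<uintptr_t>(g_enclave);
  uintptr_t limit = base + sizeof(g_enclave);
  if (size > UINTPTR_MAX - start) return false;  // range wraps around: reject
  uintptr_t end = start + size;
  return end <= base || start >= limit;  // a straddling range is rejected
}

enum Status { kOk = 0, kInvalidArgument = 1 };

// "Before" shape: the length is stored through a caller-supplied pointer
// without checking where that pointer lands.
Status restore_unchecked(size_t produced_len, size_t *output_len) {
  *output_len = produced_len;
  return kOk;
}

// "After" shape: output_len must reference memory outside the enclave
// for its full width before anything is written through it.
Status restore_checked(size_t produced_len, size_t *output_len) {
  if (!is_outside_enclave(output_len, sizeof(*output_len)))
    return kInvalidArgument;
  *output_len = produced_len;
  return kOk;
}

int main() {
  size_t host_len = 0;  // lives outside the modeled enclave range
  size_t *inside = reinterpret_cast<size_t *>(g_enclave + 64);
  std::printf("host pointer:    %d\n", restore_checked(16, &host_len));
  std::printf("enclave pointer: %d\n", restore_checked(16, inside));
  return 0;
}
```

The range test covers the whole width of the write and rejects address wrap-around, so a pointer that begins just below the enclave base but overlaps it is refused as well.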
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Google LLC/Asylo v5, Range: stable
References
[1] github.com/google/asylo/commit/e582f36ac49ee11a21d23ad6a30c333092e0a94e (mitre, x_refsource_CONFIRM)