Arbitrary enclave memory overwrite vulnerability in ECall ecall_restore
Description
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Asylo 0.6.0 and earlier has an arbitrary memory overwrite in UntrustedCall due to missing validation of output buffer range inside sgx_params.
Vulnerability
Asylo versions up to and including 0.6.0 contain an arbitrary memory overwrite vulnerability in the UntrustedCall primitive. The sgx_params->output pointer and sgx_params->output_size are not validated to ensure the output buffer lies outside the enclave memory region. This allows a malicious host to return a pointer that addresses enclave memory, leading to a write past the intended trusted boundary. [1]
Exploitation
An attacker with control over the untrusted host can craft a host call to UntrustedCall and provide an sgx_params->output pointer that points inside the enclave. The missing check allows the host to supply a pointer that overwrites enclave memory without triggering an abort. The attack requires the ability to make arbitrary host calls. [1]
Impact
Successful exploitation permits an untrusted host to write arbitrary data into enclave memory, potentially overwriting sensitive data, modifying code, or altering execution flow. This breaks the confidentiality and integrity guarantees of the enclave, leading to complete compromise of trusted execution. [1]
Mitigation
The fix [1] introduces a call to TrustedPrimitives::IsOutsideEnclave() on the output pointer before use. If the output is inside enclave memory, the enclave aborts with a security error. Users should update to Asylo version 0.6.1 or later. No workaround is available for earlier versions.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
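The range check described under Mitigation, as an added example (not Asylo's code and not taken from the fix commit). It assumes a simulated enclave range `g_enclave`, a hypothetical `HostParams` struct carrying the two fields named above, and a stand-in `OutsideEnclave()` helper, and it returns an error where the fix is described as aborting.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed stand-in for the enclave's protected address range (hypothetical).
static uint8_t g_enclave[4096];

// Hypothetical mirror of the two sgx_params fields named in the advisory.
struct HostParams {
  const void* output;
  size_t output_size;
};

// True only if [p, p+n) shares no byte with the simulated enclave range.
bool OutsideEnclave(const void* p, size_t n) {
  const uintptr_t start = reinterpret_cast<uintptr_t>(p);
  const uintptr_t base = reinterpret_cast<uintptr_t>(g_enclave);
  const uintptr_t limit = base + sizeof(g_enclave);
  if (n > UINTPTR_MAX - start) return false;  // start + n would wrap around
  const uintptr_t end = start + n;
  return end <= base || start >= limit;       // partial overlap fails both tests
}

enum class Status { kOk, kRejected };

// Validate the host-returned buffer before the enclave reads from it.
Status AcceptHostOutput(const HostParams& params, std::vector<uint8_t>* out) {
  if (params.output == nullptr && params.output_size != 0)
    return Status::kRejected;
  if (!OutsideEnclave(params.output, params.output_size)) return Status::kRejected;
  const uint8_t* src = static_cast<const uint8_t*>(params.output);
  out->assign(src, src + params.output_size);  // copy only after validation
  return Status::kOk;
}

int main() {
  uint8_t host[4] = {1, 2, 3, 4};       // constructed host-side buffer
  std::vector<uint8_t> out;
  HostParams good{host, sizeof(host)};
  HostParams bad{g_enclave + 128, 64};  // lies inside the enclave range
  bool ok = AcceptHostOutput(good, &out) == Status::kOk &&
            AcceptHostOutput(bad, &out) == Status::kRejected;
  return ok ? 0 : 1;
}
```

Checking the pointer and the size together matters: a range that starts in host memory and runs into the enclave, or whose end address wraps, passes a start-address-only test.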
Affected products
- Google LLC/Asylo, v5, Range: 0.6.0
References
[1] github.com/google/asylo/commit/83036fd841d33baa7e039f842d131aa7881fdcc2 (mitre, x_refsource_CONFIRM)