VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 15, 2020· Updated Aug 4, 2024

Arbitrary enclave memory location write from untrusted environment

CVE-2020-8937

Description

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Asylo 0.6.0 and earlier has an arbitrary memory overwrite via enc_untrusted_create_wait_queue due to missing pointer validation.

Vulnerability

An arbitrary memory overwrite vulnerability exists in Asylo versions up to and including 0.6.0. The host call enc_untrusted_create_wait_queue uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate that the pointer resides in untrusted memory. This allows an attacker to write memory values from within the enclave.

Exploitation

An attacker running code inside the enclave can call enc_untrusted_create_wait_queue with a crafted pointer that points to arbitrary memory within the enclave. The function then uses UntrustedLocalMemcpy to copy data to that pointer, overwriting arbitrary memory.

Impact

Successful exploitation allows the attacker to write arbitrary memory values from within the enclave, potentially leading to privilege escalation, data corruption, or arbitrary code execution within the enclave's security context.

Mitigation

The issue is fixed in commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02 [1]. Users should upgrade to a version beyond 0.6.0 containing this fix. No workaround is available for versions prior to the patch.

References
  1. Check untrusted queue is in outside enclave · google/asylo@a37fb6a

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Google/asylollm-fuzzy
    Range: <=0.6.0
  • Google LLC/Asylov5
    Range: 0.6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.