CVE-2020-15107

EPSS 0.1%
Veröffentlicht 15.07.2020 22:15:13
Zuletzt bearbeitet 21.11.2024 05:04:49
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openenclave ≫ Openenclave Version < 0.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.273

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	0.8	4	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
nvd@nist.gov	1.2	1.9	2.9	AV:L/AC:H/Au:N/C:N/I:P/A:N
security-advisories@github.com	5.3	0.8	4	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15107

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-15107