An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02
{
"cpe": "cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"source": "https://github.com/google/asylo/commit/bda9772e7872b0d2b9bee32930cf7a4983837b39",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "276634427334456250506915416195287932212",
"length": 1812.0
},
"deprecated": false,
"id": "CVE-2020-8938-02c94e7b",
"target": {
"function": "FromkLinuxSockAddr",
"file": "asylo/platform/system_call/type_conversions/manual_types_functions.cc"
}
},
{
"source": "https://github.com/google/asylo/commit/bda9772e7872b0d2b9bee32930cf7a4983837b39",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"224622692659095594116796121325666375537",
"258300968244519539966730222550514275793",
"31976310958349136905499546038586408132",
"122891448247447189379876431571775108173",
"45745031556168929570646256163036053546",
"3692053811792430187115949791089054351",
"337951493904622095677203663831071663680",
"234578970323646253732573266390107434727",
"207056685382301034945293980035265562765",
"278965873354353131969536507851939603023",
"306627332465685616850742984101958326171",
"175283638473887951665391927916184734622"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-8938-75a8a53e",
"target": {
"file": "asylo/platform/system_call/type_conversions/manual_types_functions.cc"
}
}
]
"2026-07-08T20:43:37Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8938.json"