CVE-2020-15107 - Vulnerability Details

Vendors	Products
Openenclave	Openenclave

Link	Providers
https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999

{"containers": {"cna": {"affected": [{"product": "openenclave", "vendor": "openenclave", "versions": [{"status": "affected", "version": "< 0.10.0"}]}], "descriptions": [{"lang": "en", "value": "In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Compromised execution integrity", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T21:21:38", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999"}], "source": {"advisory": "GHSA-7wjx-wcwg-w999", "discovery": "UNKNOWN"}, "title": "x87 FPU operations in enclaves are vulnerable to ABI poisoning in openenclave", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15107", "STATE": "PUBLIC", "TITLE": "x87 FPU operations in enclaves are vulnerable to ABI poisoning in openenclave"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openenclave", "version": {"version_data": [{"version_value": "< 0.10.0"}]}}]}, "vendor_name": "openenclave"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Compromised execution integrity"}]}]}, "references": {"reference_data": [{"name": "https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999", "refsource": "CONFIRM", "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999"}]}, "source": {"advisory": "GHSA-7wjx-wcwg-w999", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:21.928Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15107", "datePublished": "2020-07-15T21:21:38", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:21.928Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB8DA108-BE91-4BB6-84FA-710672A3A726", "versionEndExcluding": "0.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability."}, {"lang": "es", "value": "En openenclave versi\u00f3n anterior a 0.10.0, los enclaves que usan operaciones x87 FPU son vulnerables a la manipulaci\u00f3n por parte de una aplicaci\u00f3n host maliciosa. Al violar la Application Binary Interface (ABI) de Linux System V para tales operaciones, una aplicaci\u00f3n host puede comprometer la integridad de ejecuci\u00f3n de algunas operaciones x87 FPU en un enclave. Dependiendo de la configuraci\u00f3n de control de FPU de la aplicaci\u00f3n de enclave y de si las operaciones se usan en rutas de ejecuci\u00f3n dependientes de secretos, esta vulnerabilidad tambi\u00e9n puede ser usada para montar un ataque de canal lateral en el enclave. Esto se ha corregido en 0.10.0 y la derivaci\u00f3n maestra actual. Los usuarios deber\u00e1n recompilar sus aplicaciones contra las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad"}], "id": "CVE-2020-15107", "lastModified": "2024-11-21T05:04:49.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-15T22:15:13.967", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object