{"id":"CVE-2020-8938","details":"An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02","modified":"2026-04-11T17:01:42.385476Z","published":"2020-12-15T15:15:13.300Z","references":[{"type":"FIX","url":"https://github.com/google/asylo/commit/bda9772e7872b0d2b9bee32930cf7a4983837b39"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/google/asylo","events":[{"introduced":"0"},{"last_affected":"299f804acbb95a612ab7c504d25ab908aa59ae93"},{"fixed":"bda9772e7872b0d2b9bee32930cf7a4983837b39"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.6.0"}]}}],"versions":["buildenv-v0.2.0","buildenv-v0.2.1","buildenv-v0.2.2","buildenv-v0.3.0","buildenv-v0.3.1","buildenv-v0.3.2","buildenv-v0.3.3","buildenv-v0.3.4","buildenv-v0.4.0","buildenv-v0.4.1","buildenv-v0.5.0","buildenv-v0.5.1","buildenv-v0.5.2","buildenv-v0.5.3","buildenv-v0.6.0","v0.2.0","v0.2.1","v0.2.2","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.3.4.1","v0.4.0","v0.4.1","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.6.0"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"276634427334456250506915416195287932212","length":1812},"deprecated":false,"target":{"file":"asylo/platform/system_call/type_conversions/manual_types_functions.cc","function":"FromkLinuxSockAddr"},"source":"https://github.com/google/asylo/commit/bda9772e7872b0d2b9bee32930cf7a4983837b39","signature_version":"v1","id":"CVE-2020-8938-02c94e7b","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["224622692659095594116796121325666375537","258300968244519539966730222550514275793","31976310958349136905499546038586408132","122891448247447189379876431571775108173","45745031556168929570646256163036053546","3692053811792430187115949791089054351","337951493904622095677203663831071663680","234578970323646253732573266390107434727","207056685382301034945293980035265562765","278965873354353131969536507851939603023","306627332465685616850742984101958326171","175283638473887951665391927916184734622"]},"deprecated":false,"target":{"file":"asylo/platform/system_call/type_conversions/manual_types_functions.cc"},"source":"https://github.com/google/asylo/commit/bda9772e7872b0d2b9bee32930cf7a4983837b39","signature_version":"v1","id":"CVE-2020-8938-75a8a53e","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8938.json","vanir_signatures_modified":"2026-04-11T17:01:42Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}