
Segfault and PANIC inside LKL Enclave

Open Arslan8 opened this issue 4 years ago • 2 comments

Hi, while doing generation-based fuzzing on existing SGX programs, we found that the SGX-LKL enclave does not do proper checking on the following fields:

  • #0 0x00007fe0005c93d2 in lkl_virtio_console_add (console=0x0)
  • args->shm->enc_dev_config
  • args->shm->timer_dev_mem
  • args->shm->virtio_blk_dev_mem
  • args->shm->virtio_blk_dev_names
  • args->shm->env
  • args->shm->virtio_swiotlb

The fuzzer works on the principle that arguments to the enclave come from the untrusted runtime and should be checked accordingly.

Arslan8 avatar Aug 06 '20 01:08 Arslan8
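The kind of check the report is asking for, written out as an added example that is not SGX-LKL's own code: a stand-in validation routine for a host-supplied argument block at enclave entry. Only the field names come from the list above; the `shm_t` layout, the region sizes and limits, the `num_disks` count and the NULL-terminated `env` array are assumptions made for the example. The enclave's own address range is passed in as `eb`/`es` so the sample can run as an ordinary process; in a real enclave it would come from the runtime.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define DEV_REGION_SIZE 4096u   /* assumed size of each fixed device region */
#define MAX_DISKS       64u
#define MAX_ENV         1024u
#define MAX_STR         256u    /* longest device name or env entry accepted */

/* Hypothetical model of the host-supplied shared memory. The field names are those
 * listed in the issue; layout, length fields and NULL-terminated env are assumptions. */
typedef struct {
    void   *enc_dev_config, *timer_dev_mem, *virtio_blk_dev_mem;
    char  **virtio_blk_dev_names;   /* num_disks entries */
    size_t  num_disks;
    char  **env;                    /* NULL-terminated, at most MAX_ENV entries */
    void   *virtio_swiotlb;
    size_t  virtio_swiotlb_size;
} shm_t;

enum shm_err { E_OK = 0, E_SHM, E_ENC_DEV_CONFIG, E_TIMER_DEV_MEM, E_VIRTIO_BLK_DEV_MEM,
               E_VIRTIO_BLK_DEV_NAMES, E_ENV, E_VIRTIO_SWIOTLB };

/* [addr, addr+len) must be non-NULL, non-empty, not wrap, and not overlap the enclave's
 * range [eb, eb+es): a host pointer aimed into the enclave would make enclave code read
 * or write its own memory on the host's behalf. Nothing is dereferenced here. */
static bool outside_enclave(const void *addr, size_t len, uintptr_t eb, size_t es)
{
    uintptr_t start = (uintptr_t)addr;
    if (addr == NULL || len == 0 || start + len < start)
        return false;
    return start + len <= eb || start >= eb + es;
}

/* Host string: the whole scan window must be outside the enclave before any byte is
 * read, and the NUL must fall inside that window. */
static bool host_string_ok(const char *s, uintptr_t eb, size_t es)
{
    size_t n = 0;
    if (!outside_enclave(s, MAX_STR, eb, es))
        return false;
    while (n < MAX_STR && s[n] != '\0') n++;
    return n < MAX_STR;
}

/* Validate the block the host passed at enclave entry. The struct is copied into enclave-
 * owned memory (*safe) first so checks and later uses see one snapshot, not fields the host
 * can rewrite between check and use. The return value names the offending field. */
static enum shm_err validate_shm(const shm_t *host_shm, shm_t *safe, uintptr_t eb, size_t es)
{
    if (!outside_enclave(host_shm, sizeof *host_shm, eb, es))
        return E_SHM;
    memcpy(safe, host_shm, sizeof *safe);
    if (!outside_enclave(safe->enc_dev_config, DEV_REGION_SIZE, eb, es))
        return E_ENC_DEV_CONFIG;
    if (!outside_enclave(safe->timer_dev_mem, DEV_REGION_SIZE, eb, es))
        return E_TIMER_DEV_MEM;
    if (!outside_enclave(safe->virtio_blk_dev_mem, DEV_REGION_SIZE, eb, es))
        return E_VIRTIO_BLK_DEV_MEM;
    /* Pointer array: validate the array itself, then every string it points to. */
    if (safe->num_disks == 0 || safe->num_disks > MAX_DISKS ||
        !outside_enclave(safe->virtio_blk_dev_names, safe->num_disks * sizeof(char *), eb, es))
        return E_VIRTIO_BLK_DEV_NAMES;
    for (size_t i = 0; i < safe->num_disks; i++)
        if (!host_string_ok(safe->virtio_blk_dev_names[i], eb, es))
            return E_VIRTIO_BLK_DEV_NAMES;
    /* NULL-terminated array: check each slot before reading it (a NULL env fails at the
     * first slot) and refuse one that never terminates within MAX_ENV entries. */
    char **slot = safe->env;
    for (size_t n = 0;; n++, slot++) {
        if (n >= MAX_ENV || !outside_enclave(slot, sizeof *slot, eb, es))
            return E_ENV;
        if (*slot == NULL) break;
        if (!host_string_ok(*slot, eb, es)) return E_ENV;
    }
    /* Bounce-buffer region: the host-chosen size must be non-zero and page-granular. */
    if (safe->virtio_swiotlb_size == 0 || (safe->virtio_swiotlb_size & 0xfff) ||
        !outside_enclave(safe->virtio_swiotlb, safe->virtio_swiotlb_size, eb, es))
        return E_VIRTIO_SWIOTLB;
    return E_OK;
}

/* Constructed sample: ordinary buffers in this process stand in for host memory and the
 * never-mapped low page for the enclave, so the sample is valid; each mutation is one bad input. */
static enum shm_err check_sample(int mutation)
{
    static unsigned char reg[3][DEV_REGION_SIZE], tlb[2 * 4096];
    static char *names[] = { "disk0", "disk1" }, *env[] = { "PATH=/bin", "HOME=/", NULL };
    static char *unterminated[MAX_ENV];
    shm_t host = { reg[0], reg[1], reg[2], names, 2, env, tlb, sizeof tlb }, safe;
    uintptr_t eb = 0x1000; size_t es = 0x1000;
    switch (mutation) {
    case 1: host.timer_dev_mem = NULL; break;                      /* NULL, like console=0x0 */
    case 2: eb = (uintptr_t)reg & ~(uintptr_t)0xfff; es = 1 << 20; break; /* aimed into the enclave */
    case 3: host.num_disks = MAX_DISKS + 1; break;                 /* host-controlled count too big */
    case 4: for (size_t i = 0; i < MAX_ENV; i++) unterminated[i] = "X=1";
            host.env = unterminated; break;                        /* env never terminates */
    }
    return validate_shm(&host, &safe, eb, es);
}
```

Two points the example is built around. First, a NULL check alone would only stop the crash the fuzzer found; the more dangerous input is a pointer that aims into the enclave's own memory, which is why every region is checked against the enclave range before it is touched. Second, the host can change shared memory while the enclave runs, so the struct is copied into enclave-owned memory before anything is validated and the copy, not the host's block, is what later code should use.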

This issue has security implications. Proposed to assign P1.

bodzhang avatar Aug 07 '20 16:08 bodzhang

@Arslan8 Kudos to you and those involved. This is good work. Please keep it up.

douglasmaciver avatar Aug 08 '20 03:08 douglasmaciver