{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T11:42:31.903","vulnerabilities":[{"cve":{"id":"CVE-2020-15107","sourceIdentifier":"security-advisories@github.com","published":"2020-07-15T22:15:13.967","lastModified":"2024-11-21T05:04:49.570","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability."},{"lang":"es","value":"En openenclave versión anterior a 0.10.0, los enclaves que usan operaciones x87 FPU son vulnerables a la manipulación por parte de una aplicación host maliciosa. Al violar la Application Binary Interface (ABI) de Linux System V para tales operaciones, una aplicación host puede comprometer la integridad de ejecución de algunas operaciones x87 FPU en un enclave. Dependiendo de la configuración de control de FPU de la aplicación de enclave y de si las operaciones se usan en rutas de ejecución dependientes de secretos, esta vulnerabilidad también puede ser usada para montar un ataque de canal lateral en el enclave. Esto se ha corregido en 0.10.0 y la derivación maestra actual. Los usuarios deberán recompilar sus aplicaciones contra las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:N/I:P/A:N","baseScore":1.2,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":1.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"AB8DA108-BE91-4BB6-84FA-710672A3A726"}]}]}],"references":[{"url":"https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/openenclave/openenclave/security/advisories/GHSA-7wjx-wcwg-w999","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}