An issue was found in the Nitro Enclaves kernel driver codebase [1] included in the v5.10 upstream Linux kernel. The fix for it has been tested on the AWS side. The issue does not break the isolation or security of what is running inside the enclave. Nitro Enclaves already assumes that the instance running the Nitro Enclaves kernel driver is untrusted. We would like to thank Mathias Krause from Open Source Security, Inc. for reporting and providing a fix for this issue directly to AWS. The patch will be merged into the latest upstream Linux kernel release and into the v5.10+ stable kernel releases. Thanks, Andra [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/virt/nitro_enclaves Mathias Krause (1): nitro_enclaves: Fix stale file descriptors on failed usercopy drivers/virt/nitro_enclaves/ne_misc_dev.c | 43 +++++++++-------------- 1 file changed, 17 insertions(+), 26 deletions(-) -- 2.20.1 (Apple Git-117) Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.
