securitySoftwareMay 4, 20210Cisco Talos pinpoints vulnerability in Linux kernel

Cisco Talos researchers announced that they have discovered a vulnerability that could allow an attacker to view Kernel stack memory.

The Cisco Talos team announced that they have discovered an information disclosure vulnerability in the Linux Kernel, which is the core of Unix-like operating systems. According to the announcement, the vulnerability specifically exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux. 

Allows viewing Kernel stack memory

The vulnerability, tracked as TALOS-2020-1211 (CVE-2020-28588), could allow an attacker to view Kernel stack memory. It was originally discovered on an Azure Sphere device, a 32-bit ARM device that runs a patched Linux kernel. The vulnerability could be exploited by reading /proc/<pid>/syscall, a legitimate Linux operating system file, which also makes it undetectable on a network remotely.

If an attacker can utilize it correctly, it can be leveraged to leak to successfully exploit additional unpatched Linux vulnerabilities. The /proc/pid/syscall functionality has been introduced in v5.1-rc4 and is still present in v5.10-rc4. All the version in between is likely to be affected by the vulnerability.

Source : Cloud7.news

Leave a Reply