silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.
Specifically, the bug (CVE-2020-28588) exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux, according to Cisco Talos, which discovered the vulnerability. It arises from an improper conversion of numeric values when reading the file.
With a few commands, attackers can output 24 bytes of uninitialized stack memory, which can be used to bypass kernel address space layout randomization (KASLR). KASLR is an anti-exploit technique that places various objects at random to prevent predictable patterns that are guessable by adversaries.
Attacks also would be “impossible to detect on a network remotely,” the firm explained. And, “if utilized correctly, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities.”
Cisco Talos researchers first discovered the issue on an Azure Sphere device (version 20.10), a 32-bit ARM device that runs a patched Linux kernel. It’s been present since v5.1-rc4 of the kernel.
“Users are encouraged to update these affected products as soon as possible: Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8,” according to the advisory. “Talos tested and confirmed these versions of the Linux kernel could be exploited by this vulnerability.”
Linux Kernel Bug Opens Door to Wider Cyberattacks
The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities on ARM devices.
threatpost.com