Security researchers have discovered an information disclosure vulnerability in the Linux kernel that can be exploited to leak data, at least on 32-bit Arm devices.
Disclosed by experts at Cisco Talos, the bug, tracked as CVE-2020-28588, could allow an attacker to view the contents of the kernel stack memory and can also be used as a springboard for further compromise.
The Cisco researchers first discovered this issue on an Azure Sphere device version 20.10, which is a 32-bit Arm device that runs a patched Linux kernel.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
The good news however is that the security researchers worked with the kernel developers to mitigate the bug, and a patch has been added to the mainline Linux kernel and backported to currently supported Long Term Support (LTS) releases as well.
Sharing details about the vulnerability the researchers observe that the issue was introduced in kernel v5.1-rc4 and was present till v5.10-rc4, before it was patched.
According to their analysis the weakness in the kernel could’ve been exploited by a threat actor by reading the contents of the /proc/<pid>/syscall system file.
“If utilized correctly, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities,” write the researchers.
In the post they describe how the attackers can abuse the proc pseudo-file system to bypass the Kernel Address Space Layout Randomization (KASLR).
The patch was merged in the kernel in December 2020 and should no longer pose a threat to anyone who applies security updates without fail.