The Cisco Talos team announced that they have discovered an information disclosure vulnerability in the Linux Kernel, which is the core of Unix-like operating systems. According to the announcement, the vulnerability specifically exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux.
Allows viewing Kernel stack memory
The vulnerability, tracked as TALOS-2020-1211 (CVE-2020-28588), could allow an attacker to view kernel stack memory. It was originally discovered on an Azure Sphere device, a 32-bit ARM device that runs a patched Linux kernel. The vulnerability could be exploited by reading /proc/<pid>/syscall, a legitimate Linux operating system file, which also means exploitation cannot be detected remotely over the network.
If an attacker can utilize it correctly, this information leak can be leveraged to successfully exploit additional unpatched Linux vulnerabilities. The /proc/pid/syscall functionality has been introduced in v5.1-rc4 and is still present in v5.10-rc4. All versions in between are likely to be affected by the vulnerability.
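The version range and architecture above can be turned into a quick exposure check. The following is an added example, not code from Talos or the kernel project: it flags hosts whose `uname -m` / `uname -r` values fall on 32-bit ARM and inside the v5.1-rc4 to v5.10-rc4 range stated in the article. The function names and the inventory rows are hypothetical, and the check is a version heuristic only: it does not account for fixes backported by a vendor or stable tree.

```python
import platform
import re

# Range as stated in the article: v5.1-rc4 through v5.10-rc4.
FIRST = (5, 1, 0, 4)
LAST = (5, 10, 0, 4)
FINAL = 10**6  # sorts a final release after all of its release candidates

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Turn a `uname -r` string into a comparable (major, minor, patch, rc) tuple."""
    m = _RELEASE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)


def is_arm32(machine):
    """Assumption: 32-bit ARM kernels report `uname -m` as armv5tel, armv6l, armv7l, ..."""
    machine = machine.lower()
    return machine.startswith("arm") and not machine.startswith("arm64")


def in_reported_range(machine, release):
    """True when the host is 32-bit ARM and its kernel falls inside the article's range."""
    return is_arm32(machine) and FIRST <= parse_release(release) <= LAST


# Constructed inventory rows (hostname, uname -m, uname -r); not real hosts.
SAMPLE_INVENTORY = [
    ("sensor-01", "armv7l", "5.4.0-1015-raspi"),
    ("sensor-02", "armv7l", "4.19.118-v7+"),
    ("gateway-01", "aarch64", "5.8.0-1006-raspi"),
    ("lab-board", "armv7l", "5.10.0-rc4"),
    ("lab-board-2", "armv7l", "5.10.0"),
]


def flag_hosts(inventory):
    """Return the hostnames whose architecture and kernel version are in range."""
    return [host for host, machine, release in inventory
            if in_reported_range(machine, release)]


if __name__ == "__main__":
    print("local host in range:", in_reported_range(platform.machine(), platform.release()))
    print("inventory hosts in range:", flag_hosts(SAMPLE_INVENTORY))
```

A flagged host still needs its vendor changelog checked for the CVE-2020-28588 fix before it is treated as exposed.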