Home > Cyber News > CVE-2020-28588: Information Disclosure Vulnerability in Linux Kernel
CYBER NEWS

CVE-2020-28588: Information Disclosure Vulnerability in Linux Kernel

by   |  Last Update:  |  0 Comments  

CVE-2020-28588 linux kernel vulnerability-sensorstechforumCVE-2020-28588 is an information disclosure vulnerability in the Linux kernel that could allow KASLR bypass, also causing the discovery of more unpatched flaws in ARM devices.

CVE-2020-28588 Vulnerability

According to Cisco Talos researchers who discovered the issue, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux. The flaw stems from an improper conversion of numeric values when reading the file.




“TALOS-2020-1211 (CVE-2020-28588) is an information disclosure vulnerability that could allow an attacker to view Kernel stack memory. We first discovered this issue on an Azure Sphere device (version 20.10), a 32-bit ARM device that runs a patched Linux kernel,” Cisco Talos’s advisory says.

Linux users should update the affected products as soon as possible: Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8. Talos researchers tested and confirmed that these versions of the Linux Kernel could be exploited by the vulnerability.

A previous Linux kernel bug is CVE-2019-11815, a race condition vulnerability tracked as CVE-2019-11815 found in Linux machines running distros with kernels prior to 5.0.8. The flaw could lead to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.

Specially crafted TCP packets could be used to launch attacks against Linux boxes. This could trigger use-after-free errors and further enable hackers to execute arbitrary code. The vulnerability, reported in 2019, was severe, having a 8.1 severity base score, and it could be exploited without the need of user interaction.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Top 15 Linux Security Questions You Didn’t Know You Had Beginner Linux administrators and users should know that even though...
  2. The Best Linux Server Distributions in 2017 Gnu/Linux is one of the leading server operating systems due...
  3. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  4. Multiple Vulnerabilities in Linux-Based SRM (Synology Router Manager) There’s hardly any software without vulnerabilities, as evident by the...
  5. CVE-2019-11815: Bug in Linux Kernel Prior to Version 5.0.8 A race condition vulnerability tracked as CVE-2019-11815 has been found...
  6. Top Security and Privacy Linux Distributions in 2019 There are many specialist Linux distributions that are designed with...
  7. CVE-2022-25636: Linux Kernel Netfilter Vulnerability Security researcher Nick Gregory recently discovered and reported a new...
  8. CVE-2018-3639: Spectre Variant 4 Vulnerability Affects the Linux Kernel A Spectre variant 4 vulnerability has been identified in the...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree