Home > Cyber News > CVE-2020-28588: Information Disclosure Vulnerability in Linux Kernel
CYBER NEWS

CVE-2020-28588: Information Disclosure Vulnerability in Linux Kernel

CVE-2020-28588 linux kernel vulnerability-sensorstechforumCVE-2020-28588 is an information disclosure vulnerability in the Linux kernel that could allow KASLR bypass, also causing the discovery of more unpatched flaws in ARM devices.

CVE-2020-28588 Vulnerability

According to Cisco Talos researchers who discovered the issue, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux. The flaw stems from an improper conversion of numeric values when reading the file.




“TALOS-2020-1211 (CVE-2020-28588) is an information disclosure vulnerability that could allow an attacker to view Kernel stack memory. We first discovered this issue on an Azure Sphere device (version 20.10), a 32-bit ARM device that runs a patched Linux kernel,” Cisco Talos’s advisory says.

Linux users should update the affected products as soon as possible: Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8. Talos researchers tested and confirmed that these versions of the Linux Kernel could be exploited by the vulnerability.

A previous Linux kernel bug is CVE-2019-11815, a race condition vulnerability tracked as CVE-2019-11815 found in Linux machines running distros with kernels prior to 5.0.8. The flaw could lead to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.

Specially crafted TCP packets could be used to launch attacks against Linux boxes. This could trigger use-after-free errors and further enable hackers to execute arbitrary code. The vulnerability, reported in 2019, was severe, having a 8.1 severity base score, and it could be exploited without the need of user interaction.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...