According to Cisco Talos researchers who discovered the issue, the vulnerability exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux. The flaw stems from an improper conversion of numeric values when reading the file.
“TALOS-2020-1211 (CVE-2020-28588) is an information disclosure vulnerability that could allow an attacker to view Kernel stack memory. We first discovered this issue on an Azure Sphere device (version 20.10), a 32-bit ARM device that runs a patched Linux kernel,” Cisco Talos’s advisory says.
Linux users should update the affected products as soon as possible: Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8. Talos researchers tested and confirmed that these versions of the Linux Kernel could be exploited by the vulnerability.
A previous Linux kernel bug is CVE-2019-11815, a race condition vulnerability tracked as CVE-2019-11815 found in Linux machines running distros with kernels prior to 5.0.8. The flaw could lead to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.
Specially crafted TCP packets could be used to launch attacks against Linux boxes. This could trigger use-after-free errors and further enable hackers to execute arbitrary code. The vulnerability, reported in 2019, was severe, having a 8.1 severity base score, and it could be exploited without the need of user interaction.