Linux kernel vulnerability exposes Stack memory, causing local data leak
First announced by researchers from cybersecurity organization Cisco Talos on April 27, this is essentially a disclosure vulnerability "that could allow attackers to gain access. Kernel's stack memory - a crucial component of Linux 'open source operating systems.
If you do not know, the stack memory acts as a storage place for local variables in functions, passed parameters . The process of accessing this memory is very fast, and is executed when the program translate. The size of the stack memory is fixed, depending on the particular operating system. For example, the usual stack memory of Windows is 1MB, while that of Linux is 8MB.
The vulnerability is currently being tracked with identifier CVE-2020-28588, and originated from the proc / pid / syscall function of 32-bit ARM devices running the Linux operating system in general.
According to the results of preliminary investigations by Cisco Talos experts, the first issue related to this vulnerability was discovered on a device running on Azure Sphere. Attackers who have sought to exploit the security vulnerability could read the file / syscall OS through Proc, a system used to communicate between nuclear data structures.
The / syscall procfs item can be abused if an attacker launches a command to output 24 bytes in the uninitialized stack memory, resulting in Kernel Address Space Layout Randomization (KASLR) bypassing.
The attack was "undetectable on the remote network" because it was essentially a legitimate Linux OS file being read, the researchers said.
"If used properly, an attacker can take advantage of this information leak to successfully exploit additional unpatched Linux vulnerabilities," the Cisco team added.
Linux kernel versions 5.10-rc4, 5.4.66, and 5.9.8 are directly affected by this vulnerability. Currently, a patch has been released to minimize the risks associated with the vulnerability. It is recommended that users update their builds to the latest version to ensure safety.
You should read it
- 20+ essential Linux security commands
- Found 37 security holes in VNC on Linux, Windows
- How to manage memory to restrict Linux to use too much RAM
- Microsoft officially submitted an application to join 'Linux secretion'.
- How to scan websites for potential security vulnerabilities with Vega on Kali Linux
- How to secure Linux server with fail2ban
- 10 reasons to switch to Linux right in 2012
- Detect 2 serious security holes in the Zoom application
May be interested
- What is Linux Kernel? Application functions of Linux Kernel in computer systemsthe obvious common point of linux-based operating systems is that they all have the linux kernel. so what exactly is the linux kernel? application function of linux kernel in computer system? what are the components of the linux kernel?
- Microsoft releases tool to help detect memory leaks with Edgememory leak is a common problem in programming, when a piece of code is not managed and allocated memory properly after it stops running.
- New privilege escalation vulnerability called 'Dirty Pipe' is threatening all Linux distrosrecently, security researcher max kellermann shared about a security flaw called 'dirty pipe'. it affects linux kernel 5.8 and above and even android devices.
- Microsoft will release Linux 'genuine' Linux kernel with Windows 10 WSLmicrosoft will start 'shipping' a built and customized linux kernel (linux kernel), first applied to windows 10 insider builds this summer. it is known that this kernel will act as a backbone of windows subsystem for linux 2.0 or wsl2.
- Warning: Vulnerability in Windows' HTTP Protocol Stack attacks remote code execution, no authentication requiredrecently, the ncsc cybersecurity monitoring center recorded an exploit code for a critical security vulnerability cve-2022-21907 in windows' http protocol stack.
- Is Linux the operating system or the kernel?one of the questions you will probably find on most tech forums is whether linux is the operating system or the kernel. even for some proficient linux users, this question can be relatively difficult to answer.
- Update Linux kernel on Ubuntu via UKUUlinux kernel on ubuntu is the core of this operating system. it is the intermediate interface between computer hardware and software applications.
- How to create a Custom Kernel on Ubuntubuilding the system's operating system kernel from scratch sounds scary. however, actually building linux kernel is easy. in the article below, tipsmake.com will guide you to create custom kernel on ubuntu.
- Detecting a new Linux vulnerability allows hackers to gain control of the VPN connectioninternational security researchers have found an entirely new linux vulnerability that allows potential attackers to hijack vpn connections on the device * nix and 'inject' the arbitrary data payload into it. tcp4 and ipv6 streams.
- What does leak mean?leaks are words that are used a lot today in different meanings, so we need to understand the correct meaning to use the right case.