Linux kernel vulnerability exposes stack memory, causing local data leak
First announced by researchers from cybersecurity organization Cisco Talos on April 27, this is essentially an information disclosure vulnerability that could allow attackers to gain access to the kernel's stack memory, a crucial component of the open-source Linux operating system.
If you are not familiar with it, stack memory is where a function's local variables and passed parameters are stored. Access to this memory is very fast, and its allocation is worked out when the program is compiled. The size of the stack is fixed and depends on the particular operating system. For example, the usual stack size on Windows is 1 MB, while on Linux it is 8 MB.
The vulnerability is tracked as CVE-2020-28588 and originates in the /proc/&lt;pid&gt;/syscall functionality on 32-bit ARM devices running the Linux operating system.
According to the preliminary investigation by Cisco Talos experts, the first issue related to this vulnerability was discovered on a device running Azure Sphere. An attacker seeking to exploit the vulnerability could read the /syscall operating system file through procfs, a pseudo-filesystem used to interface with kernel data structures.
The /syscall procfs entry can be abused if an attacker runs commands that output 24 bytes of uninitialized stack memory, which can lead to a bypass of Kernel Address Space Layout Randomization (KASLR).
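The 24-byte figure can be modelled in user space. The following is an added illustration, not code from the kernel or from Cisco Talos: it assumes the leak comes from filling six 64-bit argument slots with six 32-bit register values, and the struct, function names, poison byte and sample values are all constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NARGS  6
#define POISON 0xAA  /* constructed stand-in for stale stack contents */

/* Simplified model of the record printed for /proc/<pid>/syscall:
 * six argument slots that are 64 bits wide on every architecture. */
struct syscall_record { uint64_t args[NARGS]; };
typedef void (*fill_fn)(struct syscall_record *, const uint32_t *);

/* Constructed sample: six 32-bit register values, as on 32-bit ARM. */
static const uint32_t sample_regs[NARGS] = {3, 0x1000, 64, 0, 0, 0};

/* Flawed pattern: the 64-bit slots are filled as if they were native
 * 32-bit words. Only 6 * 4 = 24 of the 48 bytes are written. */
static void fill_flawed(struct syscall_record *r, const uint32_t *regs)
{
    memcpy(r->args, regs, NARGS * sizeof(uint32_t));
}

/* Hardened pattern: zero the record, then widen each register into
 * its own 64-bit slot so that every byte is defined before output. */
static void fill_hardened(struct syscall_record *r, const uint32_t *regs)
{
    memset(r, 0, sizeof(*r));
    for (size_t i = 0; i < NARGS; i++)
        r->args[i] = regs[i];
}

/* Poison a record, run one fill routine over it, and count the bytes
 * that still hold the poison, i.e. bytes the routine never wrote. */
static size_t leak_after(fill_fn fill)
{
    struct syscall_record r;
    const unsigned char *p = (const unsigned char *)&r;
    size_t stale = 0;

    memset(&r, POISON, sizeof(r));
    fill(&r, sample_regs);
    for (size_t i = 0; i < sizeof(r); i++)
        stale += (p[i] == POISON);
    return stale;
}

int main(void)
{
    printf("flawed:   %zu stale bytes\n", leak_after(fill_flawed));
    printf("hardened: %zu stale bytes\n", leak_after(fill_hardened));
    return 0;
}
```

In the model, the stale bytes are what a formatter would print if it walked all six 64-bit slots; zeroing or fully assigning the record before it is formatted removes them.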
The attack was "undetectable on the remote network" because it was essentially a legitimate Linux OS file being read, the researchers said.
"If used properly, an attacker can take advantage of this information leak to successfully exploit additional unpatched Linux vulnerabilities," the Cisco team added.
Linux kernel versions 5.10-rc4, 5.4.66, and 5.9.8 are directly affected by this vulnerability. Currently, a patch has been released to minimize the risks associated with the vulnerability. It is recommended that users update their builds to the latest version to ensure safety.