On 20th April 2021, Oracle released a security alert on addressing a vulnerability that was discovered on the Linux Kernel. This vulnerability showed that the function “collect_syscall()” improperly casts the syscall registers to 64-bit values. This results in the leaking of the uninitialized last 24 bytes on 32-bit platforms, that are visible in “/proc/self/syscall” path.
An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32-bit systems. A local attacker could use this to expose sensitive information (kernel memory). Further, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities.
- Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8
- It is recommended that you apply patches to the Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8
For further information on this vulnerability kindly follow the below URL:
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
- Oracle Linux Bulletin - April 2021. Retrieved from Oracle
- Linux Kernel Bug Opens Door to Wider Cyberattacks. Retrieved from Threatpost