AL2021_13 Linux Kernel Bug Opens Door to Wider Cyberattacks (30th April 2021)

Description

On 20th April 2021, Oracle released a security alert on addressing a vulnerability that was discovered on the Linux Kernel. This vulnerability showed that the function “collect_syscall()” improperly casts the syscall registers to 64-bit values. This results in the leaking of the uninitialized last 24 bytes on 32-bit platforms, that are visible in “/proc/self/syscall” path.

Summary

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32-bit systems. A local attacker could use this to expose sensitive information (kernel memory). Further, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities.

Product Affected:

  • Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8

SOLUTIONS:

  • It is recommended that you apply patches to the Linux Kernel versions 5.10-rc4, 5.4.66 and 5.9.8

For further information on this vulnerability kindly follow the below URL:

https://ubuntu.com/security/CVE-2020-28588

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.

References: