CyberNews Briefs

Linux kernel vulnerability exposes stack memory, causes data leaks

Cisco Talos has disclosed an information disclosure vulnerability in the Linux kernel that can lead to further compromise. According to a statement released by Cisco on Tuesday, the bug could allow an attacker to view Kernel stack memory, acting as a springboard to inflict further damage to a system and leak data. In Linux systems, the kernel is a key component of the operating aspect of the device. The vulnerability was discovered in the proc/pid/syscall functionality of 32-bit ARM devices running the OS. The vulnerability is tracked as CVE-2020-28588.

Cisco stated that the vulnerability was first detected in a device running on Azure Sphere. According to the company, attackers could exploit the flaw and gain access to the /syscall OS file via a system used for interfacing between kernel data structures, Proc. Researchers responsible for finding and analyzing the flaw state that if exploited, it would be impossible to detect the attack on a network remotely due to its nature as a legitimate Linux operating system file being read. Cisco urges customers to upgrade their devices immediately to avoid any cybersecurity risks.

Read More: Linux kernel vulnerability exposes stack memory, causes data leaks

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.