Security Expert Re: New Vulnerability Found in Linux Kernel

BACKGROUND:

Cisco Talos discovered an information-disclosure security vulnerability in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.

Expert Comments

April 29, 2021
Shachar Menashe
VP Security
Vdoo

This newly discovered vulnerability indeed looks very actionable and easy to exploit under the right technical conditions, so we recommend affected vendors update their kernel or apply the patch.

These kinds of vulnerabilities are almost exclusively used as part of a local privilege escalation attack chain to circumvent the Linux kernel randomization (KASLR) mitigation.

This new discovery illustrates the value of automated applicability scanning, which helps determine if a new vulnerability can be realistically exploited. In this case, we found that the vulnerability is only exploitable in devices under one of the following specific conditions:

  1. The kernel is built with CONFIG_HAVE_ARCH_TRACEHOOK (quite common)
  2. The kernel is built with CONFIG_RANDOMIZE_BASE (KASLR, less common on embedded devices)
  3. The kernel is a 32-bit kernel

Regarding point #2, note that the vulnerability is probably not applicable on ARM 32-bit devices since a vanilla Linux ARM32 kernel does not have KASLR. Some kernel forks, such as Android, have backported the KASLR feature to 32-bit, but since the vulnerability is only relevant on Linux kernel 5.1 and later, we assume no Android devices will be affected.
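One way to script the applicability check the comment describes, as an added example that is not code from the page, Vdoo or Cisco Talos: it reads a kernel .config and a version string and reports which of the listed conditions hold. It assumes the conditions must hold together (as the reasoning about point #2 implies), takes "kernel 5.1 and later" as the version floor, and uses constructed sample configs rather than real device dumps.

```shell
#!/bin/sh
# Added example: kernel applicability check for the conditions listed in the
# comment above. Assumptions: all conditions are jointly required, and the
# version floor is 5.1. Configs are passed as strings (contents of a .config).

# cfg_enabled CONFIG_TEXT SYMBOL -> exit 0 if SYMBOL=y appears as a whole line
cfg_enabled() {
    printf '%s\n' "$1" | grep -qx "$2=y"
}

# kver_ge VERSION MAJOR MINOR -> exit 0 if VERSION (e.g. 5.4.0-foo) >= MAJOR.MINOR
kver_ge() {
    maj=$(printf '%s' "$1" | cut -d. -f1)
    min=$(printf '%s' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    min=${min:-0}
    [ "$maj" -gt "$2" ] || { [ "$maj" -eq "$2" ] && [ "$min" -ge "$3" ]; }
}

# applicable CONFIG_TEXT KVER -> prints a verdict; exit 0 only when every
# listed condition holds, otherwise exit 1 and name the failing ones
applicable() {
    cfg=$1; ver=$2; missing=""
    cfg_enabled "$cfg" CONFIG_HAVE_ARCH_TRACEHOOK || missing="$missing no-TRACEHOOK"
    cfg_enabled "$cfg" CONFIG_RANDOMIZE_BASE      || missing="$missing no-KASLR"
    cfg_enabled "$cfg" CONFIG_64BIT               && missing="$missing 64-bit"
    kver_ge "$ver" 5 1                            || missing="$missing kernel<5.1"
    if [ -z "$missing" ]; then
        echo "APPLICABLE ($ver): all listed conditions hold"
        return 0
    fi
    echo "NOT APPLICABLE ($ver):$missing"
    return 1
}

# Constructed sample configs (not taken from any real device).
SAMPLE_32BIT_KASLR='CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_RANDOMIZE_BASE=y
# CONFIG_64BIT is not set'
SAMPLE_ARM32_VANILLA='CONFIG_HAVE_ARCH_TRACEHOOK=y
# CONFIG_RANDOMIZE_BASE is not set
# CONFIG_64BIT is not set'

# Demo runs when executed directly; "|| true" keeps a NOT APPLICABLE verdict
# from aborting the script under set -e.
applicable "$SAMPLE_32BIT_KASLR"   "5.4.0"  || true   # APPLICABLE
applicable "$SAMPLE_ARM32_VANILLA" "5.4.0"  || true   # NOT APPLICABLE: no-KASLR
applicable "$SAMPLE_32BIT_KASLR"   "4.19.0" || true   # NOT APPLICABLE: kernel<5.1
```

On a live system the config text can come from /proc/config.gz (when enabled) or /boot/config-$(uname -r), and the version from uname -r.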
