Security Expert Re: New Vulnerability Found in Linux Kernel

By ISBuzz Team
Writer, Information Security Buzz | Apr 29, 2021 04:44 am PST

BACKGROUND:

Cisco Talos discovered an information-disclosure security vulnerability in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.

1 Expert Comment
Shachar Menashe, VP Security
April 29, 2021 12:52 pm

This newly discovered vulnerability indeed looks very actionable and easy to exploit under the right technical conditions, so we recommend affected vendors update their kernel or apply the patch.

These kinds of vulnerabilities are almost exclusively used as part of a local privilege escalation attack chain to circumvent the Linux kernel randomization (KASLR) mitigation.

This new discovery illustrates the value of automated applicability scanning, which helps determine if a new vulnerability can be realistically exploited. In this case, we found that the vulnerability is only exploitable in devices under one of the following specific conditions:

1. The kernel is built with CONFIG_HAVE_ARCH_TRACEHOOK (quite common)
2. The kernel is built with CONFIG_RANDOMIZE_BASE (KASLR, less common on embedded devices)
3. The kernel is a 32-bit kernel

Regarding point #2, note that the vulnerability is probably not applicable on ARM 32-bit devices since a vanilla Linux ARM32 kernel does not have KASLR. Some kernel forks, such as Android, have backported the KASLR feature to 32-bit, but since the vulnerability is only relevant on Linux kernel 5.1 and later, we assume no Android devices will be affected.

Last edited 2 years ago by Shachar Menashe
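
The conditions listed in the comment above can be checked against a kernel's release string and build config. The script below is an added example, not code from the article or from the commenter; it reports each condition separately and does not combine them into a verdict. The function names are hypothetical, and it assumes a kernel whose config lacks CONFIG_64BIT=y is a 32-bit kernel.

```shell
#!/usr/bin/env bash
# Added example, not from the article: report the conditions named in the
# comment for one kernel, given its release string and its build config.

# config_enabled FILE SYMBOL: true if the config file contains SYMBOL=y
config_enabled() { grep -q "^$2=y\$" "$1"; }

# release_at_least RELEASE MAJOR MINOR: true if e.g. "5.10.0-8-armmp" >= MAJOR.MINOR
release_at_least() {
    local major="${1%%.*}" rest="${1#*.}"
    local minor="${rest%%[!0-9]*}"
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "${minor:-0}" -ge "$3" ]; }
}

# yn CMD ARGS...: print "yes" if the command succeeds, "no" otherwise
yn() { if "$@"; then echo yes; else echo no; fi; }

# report_conditions RELEASE CONFIG: one "name=yes|no" line per condition.
# Assumption: a kernel without CONFIG_64BIT=y is treated as 32-bit.
report_conditions() {
    local release="$1" cfg="$2" bits32=yes
    config_enabled "$cfg" CONFIG_64BIT && bits32=no
    echo "kernel_5.1_or_later=$(yn release_at_least "$release" 5 1)"
    echo "have_arch_tracehook=$(yn config_enabled "$cfg" CONFIG_HAVE_ARCH_TRACEHOOK)"
    echo "randomize_base=$(yn config_enabled "$cfg" CONFIG_RANDOMIZE_BASE)"
    echo "kernel_32bit=$bits32"
}

# Constructed sample: a 32-bit ARM config fragment built without KASLR.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
CONFIG_ARM=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
# CONFIG_RANDOMIZE_BASE is not set
EOF
report_conditions "5.10.0-8-armmp" "$demo_cfg"
rm -f "$demo_cfg"

# On a live host (config location varies by distribution):
#   report_conditions "$(uname -r)" "/boot/config-$(uname -r)"
```

For firmware images, run it against the config extracted from the image rather than the config of the analysis host.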
