Security Expert Re: New Vulnerability Found in Linux Kernel

BACKGROUND:

Cisco Talus discovered an information-disclosure security vulnerability in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Shachar Menashe
Shachar Menashe , VP Security
InfoSec Expert
April 29, 2021 12:52 pm

<p style=\"font-weight: 400;\">This newly discovered vulnerability indeed looks very actionable and easy to exploit under the right technical conditions, so we recommend affected vendors update their kernel or apply the patch.</p> <p> </p> <p style=\"font-weight: 400;\">These kinds of vulnerabilities are almost exclusively used as part of a local privilege escalation attack chain to circumvent the Linux kernel randomization (KASLR) mitigation.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">This new discovery illustrates the value of automated applicability scanning, which helps determine if a new vulnerability can be realistically exploited. In this case, we found that the vulnerability is only exploitable in devices under one of the following specific conditions:</p> <p style=\"font-weight: 400;\"> </p> <ol> <li style=\"font-weight: 400;\">The kernel is built with CONFIG_HAVE_ARCH_TRACEHOOK (quite common)</li> <li style=\"font-weight: 400;\">The kernel is built with CONFIG_RANDOMIZE_BASE (KASLR, less common on embedded devices)</li> <li style=\"font-weight: 400;\">The kernel is a 32-bit kernel</li> </ol> <p> </p> <p style=\"font-weight: 400;\">Regarding point #2, note that the vulnerability is probably not applicable on ARM 32-bit devices since a vanilla Linux ARM32 kernel does not have KASLR. Some kernel forks, such as Android, have backported the KASLR feature to 32-bit, but since the vulnerability is only relevant on Linux kernel 5.1 and later, we assume no Android devices will be affected.</p>

Last edited 1 year ago by Shachar Menashe
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x