BACKGROUND:
Cisco Talos discovered an information-disclosure security vulnerability in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.
This newly discovered vulnerability indeed looks very actionable and easy to exploit under the right technical conditions, so we recommend affected vendors update their kernel or apply the patch.

These kinds of vulnerabilities are almost exclusively used as part of a local privilege escalation attack chain to circumvent the Linux kernel randomization (KASLR) mitigation.

This new discovery illustrates the value of automated applicability scanning, which helps determine if a new vulnerability can be realistically exploited. In this case, we found that the vulnerability is only exploitable in devices under one of the following specific conditions:

1. The kernel is built with CONFIG_HAVE_ARCH_TRACEHOOK (quite common)
2. The kernel is built with CONFIG_RANDOMIZE_BASE (KASLR, less common on embedded devices)
3. The kernel is a 32-bit kernel

Regarding point #2, note that the vulnerability is probably not applicable on ARM 32-bit devices since a vanilla Linux ARM32 kernel does not have KASLR. Some kernel forks, such as Android, have backported the KASLR feature to 32-bit, but since the vulnerability is only relevant on Linux kernel 5.1 and later, we assume no Android devices will be affected.
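
The conditions listed in the comment above can be checked against a kernel `.config` and a `uname -r` release string, for example when triaging a fleet or an extracted firmware image. This is an added example, not code from the commenter or the original page; the function names, the constructed sample config and the use of `CONFIG_64BIT` to recognise a 32-bit build are assumptions. It reports each condition separately and leaves the combined verdict to the reader.

```python
import re

# Constructed sample (not from a real device): excerpt of a kernel .config,
# as found in /boot/config-<release> or extracted from a firmware image.
SAMPLE_CONFIG = """\
CONFIG_HAVE_ARCH_TRACEHOOK=y
# CONFIG_RANDOMIZE_BASE is not set
CONFIG_ARM=y
"""

# The three build conditions listed in the comment above.
CONDITIONS = ("CONFIG_HAVE_ARCH_TRACEHOOK", "CONFIG_RANDOMIZE_BASE", "32-bit kernel")


def parse_config(text):
    """Map each enabled option to its value; '# CONFIG_X is not set' lines are skipped."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"(CONFIG_\w+)=(.*)$", line.strip())
        if m:
            opts[m.group(1)] = m.group(2)
    return opts


def version_in_range(release):
    """True for kernel 5.1 and later, given a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2))) >= (5, 1)


def applicability(config_text, release):
    """Report the version check and which listed conditions this build meets."""
    opts = parse_config(config_text)
    met = {
        "CONFIG_HAVE_ARCH_TRACEHOOK": opts.get("CONFIG_HAVE_ARCH_TRACEHOOK") == "y",
        "CONFIG_RANDOMIZE_BASE": opts.get("CONFIG_RANDOMIZE_BASE") == "y",
        # Assumption: a build without CONFIG_64BIT=y is a 32-bit kernel.
        "32-bit kernel": opts.get("CONFIG_64BIT") != "y",
    }
    return {
        "version_in_range": version_in_range(release),
        "conditions_met": [name for name in CONDITIONS if met[name]],
    }


if __name__ == "__main__":
    print(applicability(SAMPLE_CONFIG, "5.4.0"))
```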