CVE-2020-28588:Information disclosure vulnerability in Linux Kernel's /proc/pid/syscall functionality allows attackers to leak kernel memory contents.

splash
Back

Description Preview

A vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel versions from 5.1 through 5.10-rc4. This issue was introduced in v5.1-rc4 through commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and persisted through v5.10-rc4. When an attacker reads the /proc/pid/syscall file, it can trigger this vulnerability, resulting in the disclosure of kernel memory contents. This is classified as CWE-681 (Incorrect Conversion between Numeric Types).

Overview

The vulnerability (CVE-2020-28588) affects the Linux Kernel's /proc filesystem, specifically the /proc/pid/syscall functionality. This feature provides information about the system call currently being executed by a process. Due to improper handling of numeric type conversions, an attacker with the ability to read this file can access kernel memory contents that should be protected. The vulnerability was introduced in Linux Kernel 5.1-rc4 and affects all subsequent versions up to 5.10-rc4. This information disclosure could potentially be leveraged by attackers to gather sensitive information from the kernel memory or to facilitate other attacks by revealing memory layout details.

Remediation

  1. Update to a patched version of the Linux Kernel if available.
  2. If updates are not immediately available, consider restricting access to the /proc/pid/syscall interface through sysctl or other kernel parameter configurations.
  3. Monitor system logs for suspicious access to /proc filesystem entries.
  4. Consider implementing additional access controls to limit who can read /proc/pid/syscall files.
  5. Follow security advisories from your Linux distribution vendor for specific patch information.

References

  1. Cisco Talos Intelligence Group Vulnerability Report: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
  2. Linux Kernel commit that introduced the issue: 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0
  3. CWE-681: Incorrect Conversion between Numeric Types - https://cwe.mitre.org/data/definitions/681.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
    Manufacturing
  2. Finance and Insurance
    Finance and Insurance
  3. Health Care & Social Assistance
    Health Care & Social Assistance
  4. Public Administration
    Public Administration
  5. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  6. Information
    Information
  7. Management of Companies & Enterprises
    Management of Companies & Enterprises
  8. Other Services (except Public Administration)
    Other Services (except Public Administration)
  9. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  10. Retail Trade
    Retail Trade
  11. Transportation & Warehousing
    Transportation & Warehousing
  12. Educational Services
    Educational Services
  13. Wholesale Trade
    Wholesale Trade
  14. Accommodation & Food Services
    Accommodation & Food Services
  15. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  16. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  17. Construction
    Construction
  18. Mining
    Mining
  19. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  20. Utilities
    Utilities

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background