Security researchers have discovered an information disclosure vulnerability in the Linux kernel that can be exploited to leak data, at least on 32-bit Arm devices. A patch for the vulnerability has already been merged in the mainline kernel.

Disclosed by experts at Cisco Talos, the bug, tracked as CVE-2020-28588, could allow an attacker to view the contents of the kernel stack memory and can also be used as a springboard for further compromise.

The Cisco researchers first discovered this issue on an Azure Sphere device version 20.10, which is a 32-bit Arm device that runs a patched Linux kernel.