Linux kernel bug opens door to all manner of attacks
Security researchers have discovered an information disclosure vulnerability in the Linux kernel that can be exploited to leak data, at least on 32-bit Arm devices. A patch for the vulnerability has already been merged in the mainline kernel.
Disclosed by experts at Cisco Talos, the bug, tracked as CVE-2020-28588, could allow an attacker to view the contents of the kernel stack memory and can also be used as a springboard for further compromise.
The Cisco researchers first discovered this issue on an Azure Sphere device version 20.10, which is a 32-bit Arm device that runs a patched Linux kernel.