CVE-2020-28588
CVE-2020-28588
In short
A flaw in Linux Kernel allows attackers to read a special file (/proc/pid/syscall) and cause the kernel to leak sensitive memory contents that should not be visible.
Technical detail
An information disclosure vulnerability in the /proc/pid/syscall interface (introduced in v5.1-rc4) permits local attackers to trigger uninitialized memory exposure from kernel space. The vulnerability requires read access to /proc/pid/syscall and affects Linux Kernel versions 5.1 through at least 5.10-rc4, with potential for leaking confidential kernel data structures.
Summary generated and translated by AI from the official description.
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · Linux KernelWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →