Two New Speculative Execution Vulnerabilities Found in the Linux Kernel

By

Security researchers discover vulnerabilities in the Linux kernel that could be exploited for attacks such as Spectre

Piotr Krysiuk, a member of the Symantec threat hunter team, has discovered two new vulnerabilities, within the Linux kernel, that obtain sensitive information, from within kernel memory, by way of speculative execution attacks such as Spectre. In conjunction with Meltdown, Spector can be used, via side-channel attacks, to exploit flaws in most modern Intel and AMD CPUs to leak data from memory.

CVE-2020-27170 and CVE-2020-27171 were both found in the kernel versions older than 5.11.8. According to the CVE-2020-27170 listing, this vulnerability performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. As for CVE-2020-27171, it has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory.

According to this Symantec blog post, “These bugs affect all Linux machines, but would be particularly impactful on shared resources, as it would allow one malicious user to access data belonging to other users.”

It is crucial that all Linux admins update the kernels on their servers and desktops, to ensure these vulnerabilities are patched. This is especially true for any machines using kernels older than 5.11.8.

04/05/2021
comments powered by Disqus