Vulnerability CVE-2020-28588: Information
Description
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
kernel-image-mp | sisyphus | 5.9.12-alt1 | 6.8.4-alt1 | ALT-PU-2020-3439-1 | 262817 | Fixed |
kernel-image-mp | p10 | 5.9.12-alt1 | 6.1.19-alt1 | ALT-PU-2020-3439-1 | 262817 | Fixed |
kernel-image-std-debug | sisyphus | 5.4.83-alt1 | 6.1.87-alt1 | ALT-PU-2020-3499-1 | 263345 | Fixed |
kernel-image-std-def | sisyphus | 5.4.67-alt1 | 6.1.87-alt1 | ALT-PU-2020-2873-1 | 258574 | Fixed |
kernel-image-std-def | p10 | 5.4.67-alt1 | 5.10.213-alt1 | ALT-PU-2020-2873-1 | 258574 | Fixed |
kernel-image-std-def | p9 | 5.4.84-alt1 | 5.4.274-alt1 | ALT-PU-2020-3535-1 | 263536 | Fixed |
kernel-image-std-def | c9f2 | 5.4.92-alt1.c9f | 5.10.214-alt0.c9f.2 | ALT-PU-2021-1211-1 | 265414 | Fixed |
kernel-image-un-def | sisyphus | 5.10.0-alt1 | 6.6.28-alt1 | ALT-PU-2020-3536-1 | 263439 | Fixed |
kernel-image-un-def | p10 | 5.10.0-alt1 | 6.1.85-alt1 | ALT-PU-2020-3536-1 | 263439 | Fixed |
kernel-image-un-def | p9 | 5.10.7-alt1 | 5.10.215-alt1 | ALT-PU-2021-1083-1 | 263714 | Fixed |
kernel-image-un-def | c10f1 | 5.10.0-alt1 | 6.1.85-alt0.c10f.1 | ALT-PU-2020-3536-1 | 263439 | Fixed |
kernel-image-un-def | c9f2 | 5.10.7-alt1 | 5.10.29-alt2 | ALT-PU-2021-1083-1 | 263714 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 |
|