Piotr Krysiuk of Symantec's Threat Hunter team discovered two new vulnerabilities in the Linux kernel affecting versions up to and including 5.11.8. The two bugs, tracked as CVE-2020-27170 and CVE-2020-27171, were discovered on Monday. Linux is widely regarded as one of the more secure operating systems, and vulnerabilities of this kind draw considerable attention in the community.
The Severity of the Vulnerabilities
The researchers say both vulnerabilities are exploitable and let an attacker read sensitive data through a Spectre-style side channel. CVE-2020-27170 can be abused to leak information from any location in kernel memory; CVE-2020-27171 leaks data from a 4 GB range of kernel memory.
Spectre and Meltdown
Spectre and Meltdown were publicly disclosed in January 2018. The flaws affected processors that had been shipping for many years and allowed an attacker to read data being processed on an affected machine. Worse, Spectre did not require malware already installed on the target: it could be triggered by untrusted code such as JavaScript running in a browser.
Since then, operating systems and compilers have added many countermeasures against these flaws. These are software workarounds layered on top of the hardware; the underlying behaviour remains in the silicon, so every code path that handles untrusted input has to apply the mitigation correctly. The two new vulnerabilities bypass the Linux kernel's Spectre mitigations in one such path: the extended Berkeley Packet Filter (eBPF) subsystem, which lets user-space processes load small programs that the kernel verifies and then executes. The verifier's checks are meant to stop those programs from speculatively reading outside the memory they are allowed to access, and the two bugs defeat those checks.
Concretely, the kernel performs unprotected out-of-bounds speculation on pointer arithmetic in eBPF programs, so the Spectre countermeasures the BPF verifier inserts can be sidestepped. The attack is local rather than remote: an unprivileged user who can load eBPF programs on a vulnerable machine can read kernel memory, and with it the data of other users on the same machine. Whether unprivileged users may load eBPF programs at all is governed by the kernel.unprivileged_bpf_disabled sysctl; systems that set it to 1 are not exposed to unprivileged attackers through this path. Kernels newer than 5.11.8, and stable or distribution kernels that carry the backported fix, are not affected.
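The paragraph above describes the failure at a high level. The following added example (written for this article; it is not the kernel's verifier code nor Symantec's research material) models the idea behind a Spectre v1 pointer-arithmetic sanitiser in plain C. The branch-free mask follows the same construction as the kernel's generic array_index_mask_nospec(); everything else (ptr_limit_correct, ptr_limit_off_by_one, sanitize_delta, access_stays_in_bounds, and the buffer size and offset used) is a simplifying assumption chosen to show why the limit must be computed exactly. An attacker-controlled delta is added to a pointer that sits at offset off inside a size-byte buffer; the sanitiser forces the delta to 0 when it exceeds the limit, and a limit that is one too large admits a delta that lands one byte past the end.

```c
#include <stdint.h>
#include <stdio.h>

/* Branch-free bounds mask in the style of the kernel's
 * array_index_mask_nospec(): all ones when index < size, all zeros
 * otherwise. Because it is computed arithmetically instead of with a
 * compare-and-branch, it keeps its value on a mispredicted path, which is
 * what a Spectre v1 mitigation needs. */
static uint64_t index_mask_nospec(uint64_t index, uint64_t size)
{
    /* Top bit of (index | (size - 1 - index)) is set exactly when
     * index >= size: either index itself is huge or the subtraction wraps. */
    uint64_t oob = (index | (size - 1 - index)) >> 63; /* 1 iff out of bounds */
    return oob - 1;                                     /* 0 -> ~0, 1 -> 0 */
}

/* Largest delta that may be added to a pointer at `off` inside a buffer of
 * `size` bytes while the access still lands inside the buffer.
 * Simplified model (assumption), not the verifier's own calculation. */
static uint64_t ptr_limit_correct(uint64_t size, uint64_t off)
{
    return size - off - 1;
}

/* The same limit with a classic off-by-one: it admits delta == size - off,
 * which addresses the first byte past the end of the buffer. */
static uint64_t ptr_limit_off_by_one(uint64_t size, uint64_t off)
{
    return size - off;
}

/* Sanitise an untrusted delta against a limit: anything above the limit
 * becomes 0, so speculation cannot carry it into a dereference. */
static uint64_t sanitize_delta(uint64_t delta, uint64_t limit)
{
    return delta & index_mask_nospec(delta, limit + 1);
}

/* Model of the (possibly speculative) access: compute the byte index the
 * load would touch after sanitisation and report whether it is inside
 * the buffer (1) or escaped (0). */
static int access_stays_in_bounds(uint64_t size, uint64_t off, uint64_t delta,
                                  uint64_t (*limit_fn)(uint64_t, uint64_t))
{
    uint64_t idx = off + sanitize_delta(delta, limit_fn(size, off));
    return idx < size;
}

int main(void)
{
    const uint64_t size = 64, off = 16;   /* constructed sample values */
    const uint64_t delta = size - off;    /* points exactly one past the end */

    printf("delta %llu with exact limit   -> in bounds: %d\n",
           (unsigned long long)delta,
           access_stays_in_bounds(size, off, delta, ptr_limit_correct));
    printf("delta %llu with off-by-one limit -> in bounds: %d\n",
           (unsigned long long)delta,
           access_stays_in_bounds(size, off, delta, ptr_limit_off_by_one));
    return 0;
}
```

The model only covers the arithmetic of the sanitiser. In a real attack the out-of-bounds byte is never returned architecturally; it is leaked through a cache-timing side channel after the mispredicted path touches memory dependent on it, which is why the limit must be exact on the speculative path and not merely on the retired one.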
In summary, Symantec's Threat Hunter team has found two severe Linux kernel vulnerabilities. They reopen the Spectre attack surface that the kernel's eBPF mitigations were meant to close, letting an unprivileged local user read sensitive data out of kernel memory. Administrators should update to a kernel that carries the fix and, until then, consider disabling unprivileged eBPF via the kernel.unprivileged_bpf_disabled sysctl.