New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems
1 min read
Mar 29, 2021
Cybersecurity researchers have identified two new vulnerabilities in Linux-based OSes that, if successfully exploited, could enable attackers to bypass mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions.
While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.
The link for this article located at The Hacker News is no longer available.
Related Articles
1 - 0 min read
Millions Of GitHub Repositories Infected With Malicious Code
1 - 0 min read
New DDoS Malware Puts Apache Servers at Risk
1 - 0 min read
RunC Container Escape Flaws Grant Attackers Host Access
