Linux patches bugs that could sidestep Spectre mitigations

Spectre and meldown
(Image credit: Graz University of Technology)

Security researchers have disclosed two new vulnerabilities in the Linux kernel that could be exploited to circumvent mitigations for speculative execution attacks such as Spectre and obtain sensitive information from the kernel's memory.

Tracked as CVE-2020-27170 and CVE-2020-27171 the vulnerabilities were discovered by Piotr Krysiuk, a member of the threat hunter team at Symantec, who reported them to the Linux kernel security team, which promptly released patches that have now been mainlined.

“These bugs affect all Linux machines, but would be particularly impactful on shared resources, as it would allow one malicious user to access data belonging to other users,” reveals Symantec in a blog post discussing the vulnerabilities in detail.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Bypassing mitigations

Spectre, together with Meltdown, are vulnerabilities that can be used through side-channel attacks to exploit flaws in modern processors to leak data. Mitigations for the hardware bugs operate at the level of the operating system.

Krysiuk discovered that the two vulnerabilities could help get around the Spectre mitigations in the Linux kernel by taking advantage of the extended Berkeley Packet Filters (eBPF).

In the post, Symantec notes that while one of the vulnerabilities can be exploited to reveal content from any location within the kernel memory, the other can help retrieve data from a 4GB range of kernel memory.

As part of his disclosure, Piotr was able to demonstrate a couple of different approaches to successfully exploit the vulnerabilities.

The good news however is that patches for these bugs have already been included in all current Linux kernels, and should have made their way to Linux users through their distro’s official repositories.

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.