Linux patches bugs that could sidestep Spectre mitigations

Both vulnerabilities have already been patched

Security researchers have disclosed two new vulnerabilities in the Linux kernel that could be exploited to circumvent mitigations for speculative execution attacks such as Spectre and obtain sensitive information from the kernel’s memory.

Tracked as CVE-2020-27170 and CVE-2020-27171, the vulnerabilities were discovered by Piotr Krysiuk, a member of the threat hunter team at Symantec, who reported them to the Linux kernel security team, which promptly released patches that have now been mainlined.

“These bugs affect all Linux machines, but would be particularly impactful on shared resources, as it would allow one malicious user to access data belonging to other users,” reveals Symantec in a blog post discussing the vulnerabilities in detail.

Bypassing mitigations

Spectre and Meltdown are vulnerabilities that exploit flaws in modern processors and can be used in side-channel attacks to leak data. Mitigations for these hardware bugs operate at the level of the operating system.

Krysiuk discovered that the two vulnerabilities could help get around the Spectre mitigations in the Linux kernel by taking advantage of the extended Berkeley Packet Filters (eBPF).

In the post, Symantec notes that while one of the vulnerabilities can be exploited to reveal content from any location within the kernel memory, the other can help retrieve data from a 4GB range of kernel memory.

As part of his disclosure, Piotr was able to demonstrate a couple of different approaches to successfully exploit the vulnerabilities.

The good news, however, is that patches for these bugs have already been included in all current Linux kernels and should have made their way to Linux users through their distro’s official repositories.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
