Now-Patched Linux Kernel Gives Rise To data Leaks

Security

In Linux Kernel, a serious vulnerability can lead to leakage of data. The system is exposed to stack memory, and it exists in different Kernel version ranges. To eliminate exploitation, users must always ensure to update to the newest version.

The vulnerability exposes memory

According to Cisco Talos experts, it has been reported that there has been a serious disclosure of a vulnerability in the Linux Kernel. They revealed CVE-2020-28588, a bug that can expose the stack memory to cybercriminals. Thus, exploiting it indicates that it would permit full usage of data leakage and targeting more unpatched Linus bags.

It is said that the entire attack can be avoided by reading the operating system file of Linux, /proc/<pid>/syscall. With that, you are making it impossible to find a network remotely. If the information is being utilized correctly, it could leverage the leakage of information to exploit other unpatched vulnerabilities successfully.

Targeting the bug permits the cybercriminal to divert KASLR (Kernel Address Space Layout Randomization). It is a security technique used to protect the exploitation of the corruption bug. It is found on the “Azure Sphere device,” and while investigating, it has been found that it appeared in v5.1-rc4 first.

Based on the advisory, it has been found that the flaw still existed in the Linux Kernel functionality.

Using a VPN

Even after the continuous increase in the cybercrime rates, some companies still have not taken any steps to protect their system. However, some businesses are already using a VPN connection, such as those described by Gizlilikveguvenlik. Those not using VPNs for their staff find themselves under constant cyber-attack threats. A VPN gives you two benefits, one is security, and another is privacy.

Privacy and security

Privacy means it will encrypt your location, IP address, search history, and every other detail through which hackers can track you. By encrypting all the information, you are blocking all possible ways for people to access your information. Here security indicates protecting your personal information that’s being transferred online and received by your system.

Deployed the patch

In November 2020, researchers found this kind of vulnerability, and after that, on 20th December 2020, the vendors merged the patch. The professionals from Cisco have revealed that the affected version of kernel 5.4.66, 5.10-rc4, and 5.9.8 are still susceptible to the bug. That’s why it is essential to ensure all users are updating their systems to the newest version as soon as possible.

Leave a Reply