430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could be exploited by an attacker to bypass mitigations designed to protect devices against Spectre attacks. In January 2018, White […]

Linux Dirty Frag DirtyDecrypt PinTheft

Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks.

Kernel updates released in March have addressed a couple of vulnerabilities that could be exploited by an attacker to bypass mitigations designed to protect devices against Spectre attacks.

In January 2018, White hackers from Google Project Zero disclosed vulnerabilities, affecting all modern Intel CPUs, dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). The issue could be exploited by attackers to steal sensitive data processed by the CPU.

Intel released patches and mitigations for these vulnerabilities but many devices have yet to apply them.

Symantec researcher Piotr Krysiuk, has disclosed this week two new vulnerabilities in the Linux kernel, respectively tracked as CVE-2020-27170 and CVE-2020-27171, that can be exploited by attackers to bypass mitigations for the Spectre flaws.

The CVE-2020-27170 flaw resides in the extended Berkeley Packet Filter (eBPF) technology used by the Linux kernel. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN, but a local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a Spectre like flaw to access all the content of the device’s memory.

“An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.” reads the description for this CVE-2020-27170.

The CVE-2020-27171 flaw also resides in the extended Berkeley Packet Filter (eBPF) technology. The issue triggers Integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. This flaw can be exploited to access contents from a 4Gb range of kernel memory.

“The most likely scenario where these vulnerabilities could be exploited is in a situation where multiple users have access to a single affected computer – as could be the case in workplace situations etc. In this scenario, any of the unprivileged users could abuse one of the identified vulnerabilities to extract contents of the kernel memory to locate secrets from other users.” reads the blog post published by Symantec.

“The bugs could also potentially be exploited if a malicious actor was able to gain access to an exploitable machine via a prior step – such as downloading malware onto the machine to achieve remote access – this could then allow them to exploit these vulnerabilities to gain access to all user profiles on the machine.”

Both vulnerabilities have been addressed with the release of kernel updates in March, several major Linux distributions, including Debian, Ubuntu and Red Hat, already implemented them.

Recently, Google released Spectre proof-of-concept (PoC) code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Spectre)

[adrotate banner=”5″]

[adrotate banner=”13″]