CVE-2020-28588
Description
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so its likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.064
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Kernel-uek update (ELSA-2021-9140) kernel-uek-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug update (ELSA-2021-9140) kernel-uek-debug-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug-devel update (ELSA-2021-9140) kernel-uek-debug-devel-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-devel update (ELSA-2021-9140) kernel-uek-devel-5.4.17-2102.200.13.el8uek.x86_64.rpm | Linux |
| Kernel-uek-doc update (ELSA-2021-9140) kernel-uek-doc-5.4.17-2102.200.13.el8uek.noarch.rpm | Linux |
| Kernel-uek-container update (ELSA-2021-9141) kernel-uek-container-5.4.17-2102.200.13.el8.x86_64.rpm | Linux |
| Kernel-uek-container-debug update (ELSA-2021-9141) kernel-uek-container-debug-5.4.17-2102.200.13.el8.x86_64.rpm | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1033-kvm_5.4.0-1033.34_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1036-gke_5.4.0-1036.38~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1037-gcp_5.4.0-1037.40_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1037-gcp_5.4.0-1037.40~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1038-aws_5.4.0-1038.40_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1038-aws_5.4.0-1038.40~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1010-gkeop_5.4.0-1010.11_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1010-gkeop_5.4.0-1010.11~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1040-azure_5.4.0-1040.42_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1040-azure_5.4.0-1040.42~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-66-generic_5.4.0-66.74_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-66-generic_5.4.0-66.74~18.04.2_i386.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-66-generic_5.4.0-66.74~18.04.2_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1038-oracle_5.4.0-1038.41_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-1038-oracle_5.4.0-1038.41~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-66-lowlatency_5.4.0-66.74_amd64.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-66-lowlatency_5.4.0-66.74~18.04.2_i386.deb | Linux |
| Linux kernel (USN-4750-1) linux-image-5.4.0-66-lowlatency_5.4.0-66.74~18.04.2_amd64.deb | Linux |
| Linux kernel (USN-4751-1) linux-image-5.8.0-44-generic_5.8.0-44.50~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-4751-1) linux-image-5.8.0-44-lowlatency_5.8.0-44.50~20.04.1_amd64.deb | Linux |
| Linux kernel for OEM systems (USN-4752-1) linux-image-5.6.0-1048-oem_5.6.0-1048.52_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234