Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
March 19, 2021 - TuxCare expert team
Shortly after exploit code was found in a public repository, two new vulnerabilities (CVE-2020-27170 and CVE-2020-27171) have been found in the Linux Kernel code that protects against it.
Both vulnerabilities allow a local user to read kernel memory which could contain sensitive information like encryption keys. Proof-of-concept code has also been made available privately, but it is safe to assume it will eventually reach public outlets.
The code flaw is present on all kernel versions up to 5.12-rc3, the most up-to-date release candidate. All distributions are vulnerable.
KernelCare patches for all supported distributions are being prepared and should start being available next week.
The first vulnerability, CVE-2020-27170, affects the way the kernel mitigation against speculative out-of-bounds loads work. Unprivileged code extending a specific Kernel BPF (Berkeley Packet Filtering) functionality had access to pointers and could perform unbound pointer arithmetic, which in turn could be weaponized as an attack vector for kernel memory content exfiltration. The pointer operations could be used because some of the pointers that the BPF exposes were not being limited correctly.
The second vulnerability, CVE-2020-27171, uses the same type of BPF program extension on 64bit systems, where again a pointer operation suffers from an off-by-one flaw. Due to the nature of computing devices, the first number is 0, rather than the more natural 1, and a common programming mistake is not accounting for this when performing mathematical operations. This off-by-one flaw would let a pointer be modified in a such a way that it would expose a 4GB block of kernel memory. Timed correctly, this could permit an unprivileged user to have access to protected memory locations.
The detailed vulnerability reports mention the existence of a privately disclosed Proof-of-concept for each vulnerability, but a sufficiently motivated attacker could gather sufficient information about the problem from the report to develop his/her own attack code.
Learn About Live Patching with TuxCare
End-of-life software is just a fact of our fast-paced technology...
Look, everyone knows that it’s a tough act. Thousands of...
The public sector, including state and federal agencies, are at...
If your organization deploys IoT solutions, you know that development...
We continue to look at the code issues that cause...
Catastrophic risks such as natural disasters and indeed cyberattacks require...