An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 5.4.66 (including) | 5.4.66 (including) |
Linux_kernel | Linux | 5.9.8 (including) | 5.9.8 (including) |
Linux_kernel | Linux | 5.10-rc4 (including) | 5.10-rc4 (including) |