Linux patches bugs that could sidestep Spectre mitigations


Security researchers have disclosed two new vulnerabilities in the Linux kernel that could be exploited to circumvent mitigations for speculative execution attacks such as Spectre and obtain sensitive information from the kernel's memory.

Tracked as CVE-2020-27170 and CVE-2020-27171, the vulnerabilities were discovered by Piotr Krysiuk, a member of the threat hunter team at Symantec. He reported them to the Linux kernel security team, which promptly released patches that have now been mainlined.

“These bugs affect all Linux machines, but would be particularly impactful on shared resources, as it would allow one malicious user to access data belonging to other users,” reveals Symantec in a blog post discussing the vulnerabilities in detail.

Bypassing mitigations

Spectre and Meltdown are vulnerabilities that exploit flaws in modern processors to leak data through side-channel attacks. Mitigations for the hardware bugs operate at the level of the operating system.

Krysiuk discovered that the two vulnerabilities could help get around the Spectre mitigations in the Linux kernel by taking advantage of the extended Berkeley Packet Filters (eBPF).

In the post, Symantec notes that while one of the vulnerabilities can be exploited to reveal content from any location within the kernel memory, the other can help retrieve data from a 4GB range of kernel memory.

As part of his disclosure, Piotr was able to demonstrate a couple of different approaches to successfully exploit the vulnerabilities.

The good news, however, is that patches for these bugs have already been included in all current Linux kernels, and should have made their way to Linux users through their distro’s official repositories.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.