Linux kernel vulnerability causes data leaks
An information disclosure vulnerability in the Linux kernel can be exploited to leak data and act as a springboard for further compromise.
Disclosed by Cisco Talos researchers, the bug is described as an information disclosure vulnerability "that could allow an attacker to view Kernel stack memory."
The kernel is a key component of the open-source Linux operating system. The vulnerability, tracked as CVE-2020-28588, was found in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux.
"If utilized correctly, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities," Cisco added.
Linux kernel versions 5.10-rc4, 5.4.66, and 5.9.8 are impacted. Users are urged to update their builds to later versions.
Source: zdnet.com
29 April 2021