CVE-2020-28588
4
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Linux Kernel | Linux Kernel v5.10-rc4,Linux Kernel v5.4.66,Linux Kernel v5.9.8 | affected |
Weaknesses
- CWE-681: CWE-681: Incorrect Conversion between Numeric Types
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.