An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.
Specifically, the bug (CVE-2020-28588) exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux, according to Cisco Talos, which discovered the vulnerability. It arises from an improper conversion of numeric values when reading the file.
Read more…
Source: ThreatPost