5.9.8

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

linux

CWE-681

NVD

Published: 2021-05-10

Updated: 2022-06-07

Summary

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 5.9.8 Linux Linux Kernel 5.4.66 Linux Linux Kernel 5.10	3

Common Weakness Enumeration (CWE)

CWE-681 - Incorrect Conversion between Numeric Types

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211