Two Linux kernel bugs patched this month could allow attackers to sidestep the kernel's mitigations for the infamous Spectre vulnerability.
“If left unpatched, the vulnerabilities mean that existing Spectre protections will not be sufficient to prevent some exploitation techniques,” wrote Symantec in a blog post.
Spectre is a class of flaws in speculative execution on Intel, ARM and AMD processors that was publicly disclosed in January 2018. By measuring the side effects of speculatively executed instructions, an attacker can ultimately reveal the contents of memory they are not permitted to read.
Patches for CVE-2020-27170 and CVE-2020-27171, both discovered and reported by Symantec’s Piotr Krysiuk, were published on March 17, and kernel releases available from March 20 (Linux 5.11.8 onward in mainline) contain the fixes.
According to Symantec’s write-up, the two vulnerabilities lie in the Linux kernel’s extended Berkeley Packet Filter (eBPF) verifier, specifically in the checks intended to stop unprivileged BPF programs from being used as a vehicle for Spectre-style speculative out-of-bounds memory access; those checks proved insufficient. CVE-2020-27170 can be abused to read any content stored in kernel memory, including sensitive data, while CVE-2020-27171 allows similar access within a four-gigabyte range of kernel memory.
“The most likely scenario where these vulnerabilities could be exploited is in a situation where multiple users have access to a single affected computer – as could be the case in workplace situations etc.,” wrote Symantec. “In this scenario, any of the unprivileged users could abuse one of the identified vulnerabilities to extract contents of the kernel memory to locate secrets from other users.”
Symantec noted, however, that an attacker without a local account could also exploit the vulnerabilities after a prior step that gives them code execution on the machine, such as installing malware.
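Because both bugs are reached through an unprivileged user loading an eBPF program, the two things a practitioner wants to know about a host are whether the running kernel carries the fixes and whether unprivileged bpf() is allowed at all. The script below is an added example, not code from the article, Symantec or the kernel project. It assumes the fixes are in mainline from 5.11.8 onward and treats the `kernel.unprivileged_bpf_disabled` sysctl as closing the unprivileged-user scenario on older kernels; distribution kernels backport fixes without bumping the mainline version, so a version below 5.11.8 is a prompt to check the distro advisory, not proof of exposure.

```shell
#!/bin/sh
# Added example (not from the article, Symantec, or the kernel project):
# a quick exposure check for CVE-2020-27170 / CVE-2020-27171 on a Linux host.
# Assumptions: mainline carries the fixes from 5.11.8 onward, and both bugs
# need an unprivileged user to load an eBPF program, so a non-zero
# kernel.unprivileged_bpf_disabled removes the unprivileged-user scenario
# even on an older kernel. Distro kernels backport fixes without changing the
# mainline version, so "below 5.11.8" means "check the distro advisory".

# version_ge A B: succeed (status 0) when dotted version A >= B.
# Compares the first three numeric components; anything after the first '-'
# (e.g. "-80-generic") is ignored, as are non-digit characters in a component.
version_ge() {
    a="${1%%-*}.0.0"
    b="${2%%-*}.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i" | tr -cd '0-9')
        y=$(printf '%s\n' "$b" | cut -d. -f"$i" | tr -cd '0-9')
        x=${x:-0}
        y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# unprivileged_bpf_state: print the value of kernel.unprivileged_bpf_disabled
# (0 = unprivileged bpf() allowed; 1 or 2 = disabled, 2 being reversible by
# root on kernels that support it), or "unknown" if the sysctl is absent.
unprivileged_bpf_state() {
    f=/proc/sys/kernel/unprivileged_bpf_disabled
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo unknown
    fi
}

# assess KERNEL_RELEASE BPF_STATE: print a verdict; status 0 means the host is
# not exposed to the unprivileged-user scenario, status 1 means action is needed.
assess() {
    ver=$1
    state=$2
    if version_ge "$ver" 5.11.8; then
        echo "kernel $ver: at or above 5.11.8, mainline carries the fixes"
        return 0
    fi
    case $state in
        1|2)
            echo "kernel $ver is below 5.11.8 but unprivileged bpf() is disabled ($state)"
            return 0 ;;
        0)
            echo "kernel $ver is below 5.11.8 and unprivileged bpf() is allowed: update the kernel or set kernel.unprivileged_bpf_disabled=1, unless the distro backported the fixes"
            return 1 ;;
        *)
            echo "kernel $ver is below 5.11.8 and the BPF sysctl could not be read: check the distro advisory"
            return 1 ;;
    esac
}

# Run against the live host.
if assess "$(uname -r)" "$(unprivileged_bpf_state)"; then
    echo "verdict: OK"
else
    echo "verdict: ACTION NEEDED"
fi
```

Setting `kernel.unprivileged_bpf_disabled=1` is a one-way switch until reboot, which is why it is the stronger choice for a host that cannot be patched immediately; `assess` also accepts a release string such as `5.4.0-80-generic` so the same logic can be run over an inventory of hosts rather than only the local machine.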