CVE-2020-12826

CVSS v3.1 5.3 (Medium)

CVSS v2.0 4.4 (Medium)

EPSS 0.05 % (21^th)

Affected Products 4

Advisories 14

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.

Weaknesses

CWE-190: Integer Overflow or Wraparound

Related CVEs

CVE-2020-10741

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-05-12 19:15:11
(4 years ago)
Updated Date: 2021-07-15 19:16:09
(3 years ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 5.6.5 version	cpe:2.3:o:linux:linux_kernel		< 5.6.5

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts
	Redhat Enterprise Linux 5.0	cpe:2.3:o:redhat:enterprise_linux:5.0
	Redhat Enterprise Linux 6.0	cpe:2.3:o:redhat:enterprise_linux:6.0
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Mrg 2.0	cpe:2.3:o:redhat:enterprise_mrg:2.0