CVE-2020-12826
kernel: possible to send arbitrary signals to a privileged (suidroot) parent process
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
Se detectó un problema de control de acceso de señal en el kernel de Linux versiones anteriores a 5.6.5, se conoce como CID-7395ea4e65c2. Porque la función exec_id en el archivo include/linux/sched.h presenta solo 32 bits, un desbordamiento de enteros puede interferir con un mecanismo de protección do_notify_parent. Un proceso secundario puede enviar una señal arbitraria hacia un proceso primario en un dominio de seguridad diferente. Las limitaciones de explotación incluyen la cantidad de tiempo transcurrido antes de que ocurra un desbordamiento de enteros y una falta de escenarios donde las señales en un proceso primario presenten una amenaza operacional sustancial.
A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-12 CVE Reserved
- 2020-05-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5 | Release Notes | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20200608-0001 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://lists.openwall.net/linux-kernel/2020/03/24/1803 | 2024-08-04 | |
https://www.openwall.com/lists/kernel-hardening/2020/03/25/1 | 2024-08-04 |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1822077 | 2020-11-04 | |
https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef | 2021-07-15 |
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/4367-1 | 2021-07-15 | |
https://usn.ubuntu.com/4369-1 | 2021-07-15 | |
https://usn.ubuntu.com/4391-1 | 2021-07-15 | |
https://access.redhat.com/security/cve/CVE-2020-12826 | 2020-11-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.6.5 Search vendor "Linux" for product "Linux Kernel" and version " < 5.6.5" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg" | 2.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0" | - |
Affected
|