CVE-2020-12826 -- linux-imageID: oval:org.secpod.oval:def:2003667 | Date: (C)2020-09-25 (M)2024-05-22 |
Class: VULNERABILITY | Family: unix |
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
Platform: |
Debian 10.x |
Debian 9.x |
Product: |
linux-image-4.9 |
linux-image-4.19 |