Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2020-12826

Published: 12/05/2020 Updated: 15/07/2021
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.3 | Impact Score: 3.4 | Exploitability Score: 1.8
VMScore: 393
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Linux Kernel

Vulnerability Summary

A signal access-control issue exists in the Linux kernel prior to 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

redhat enterprise mrg 2.0

canonical ubuntu linux 20.04

redhat enterprise linux 5.0

redhat enterprise linux 6.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

Ubuntu Security Notice: linux, linux-aws, linux-kvm vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Moderate: kernel-rt security and bug fix update
Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Red Hat: Moderate: kernel security, bug fix, and enhancement update
Synopsis Moderate: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...
Amazon Linux 2: ALAS2-2020-1440
A signal access-control issue was discovered in the Linux kernel before 565, aka CID-7395ea4e65c2 Because exec_id in include/linux/schedh is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism A child process can send an arbitrary signal to a parent process in a different security domain Exploitation l ...
Amazon Linux AMI: ALAS-2020-1366
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, ...
Amazon Linux AMI: ALAS-2020-1382
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 57 This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine While processing the CIPSO restricted bitmap tag in the 'cipso_v4_ ...

References

CWE-190https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cefhttps://www.openwall.com/lists/kernel-hardening/2020/03/25/1https://lists.openwall.net/linux-kernel/2020/03/24/1803https://bugzilla.redhat.com/show_bug.cgi?id=1822077https://usn.ubuntu.com/4367-1/https://usn.ubuntu.com/4369-1/https://security.netapp.com/advisory/ntap-20200608-0001/https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlhttps://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlhttps://usn.ubuntu.com/4391-1/https://usn.ubuntu.com/4391-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook