A signal access-control issue exists in the Linux kernel prior to 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
redhat enterprise mrg 2.0 |
||
canonical ubuntu linux 20.04 |
||
redhat enterprise linux 5.0 |
||
redhat enterprise linux 6.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 8.0 |