CVE-2020-12826
Description
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 5.6.7-1 |
| debian | bullseye | fixed | 5.6.7-1 |
| debian | forky | fixed | 5.6.7-1 |
| debian | sid | fixed | 5.6.7-1 |
| debian | trixie | fixed | 5.6.7-1 |
| almalinux | 8 | fixed | kernel-tools-libs-devel-4.18.0-240.el8.x86_64.rpm |
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.