Vulnerability Details : CVE-2020-12826
Potential exploit
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
Vulnerability category: Overflow
Products affected by CVE-2020-12826
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-12826
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-12826
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
1.8
|
3.4
|
NIST |
CWE ids for CVE-2020-12826
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-12826
-
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
[SECURITY] [DLA 2241-2] linux security update
-
https://bugzilla.redhat.com/show_bug.cgi?id=1822077
1822077 – (CVE-2020-10741) CVE-2020-10741 kernel: possible to send arbitrary signals to a privileged (suidroot) parent processIssue Tracking;Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
[SECURITY] [DLA 2241-1] linux security update
-
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5
Release Notes;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20200608-0001/
May 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
-
https://lists.openwall.net/linux-kernel/2020/03/24/1803
linux-kernel - Curiosity around 'exec_id' and some problems associated with itExploit;Mailing List;Patch;Third Party Advisory
-
https://usn.ubuntu.com/4391-1/
USN-4391-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/4369-1/
USN-4369-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://www.openwall.com/lists/kernel-hardening/2020/03/25/1
kernel-hardening - Curiosity around 'exec_id' and some problems associated with itExploit;Mailing List;Patch;Third Party Advisory
-
https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef
signal: Extend exec_id to 64bits · torvalds/linux@7395ea4 · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/4367-1/
USN-4367-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to