{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-22T21:06:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"}, {"name": "USN-4367-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4367-1/"}, {"name": "USN-4369-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4369-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}, {"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"name": "USN-4391-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4391-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12826", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"}, {"name": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"}, {"name": "https://lists.openwall.net/linux-kernel/2020/03/24/1803", "refsource": "MISC", "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"}, {"name": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"}, {"name": "USN-4367-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4367-1/"}, {"name": "USN-4369-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4369-1/"}, {"name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}, {"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"name": "USN-4391-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4391-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:04:22.878Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"}, {"name": "USN-4367-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4367-1/"}, {"name": "USN-4369-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4369-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}, {"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"name": "USN-4391-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4391-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12826", "datePublished": "2020-05-12T18:58:48", "dateReserved": "2020-05-12T00:00:00", "dateUpdated": "2024-08-04T12:04:22.878Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "74C74C8C-8070-4FB7-8E86-26641C4EE4FF", "versionEndExcluding": "5.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."}, {"lang": "es", "value": "Se detect\u00f3 un problema de control de acceso de se\u00f1al en el kernel de Linux versiones anteriores a 5.6.5, se conoce como CID-7395ea4e65c2. Porque la funci\u00f3n exec_id en el archivo include/linux/sched.h presenta solo 32 bits, un desbordamiento de enteros puede interferir con un mecanismo de protecci\u00f3n do_notify_parent. Un proceso secundario puede enviar una se\u00f1al arbitraria hacia un proceso primario en un dominio de seguridad diferente. Las limitaciones de explotaci\u00f3n incluyen la cantidad de tiempo transcurrido antes de que ocurra un desbordamiento de enteros y una falta de escenarios donde las se\u00f1ales en un proceso primario presenten una amenaza operacional sustancial."}], "id": "CVE-2020-12826", "lastModified": "2021-07-15T19:16:09.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-12T19:15:11.080", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4367-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4369-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4391-1/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Adam Zabrocki for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:4062", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.rt56.1131.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4060", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4609", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-240.rt7.54.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4431", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-240.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "kernel: possible to send arbitrary signals to a privileged (suidroot) parent process", "id": "1822077", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-94", "details": ["A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.", "A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-12826", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-05-12T05:40:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12826\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12826\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da\nhttps://lists.openwall.net/linux-kernel/2020/03/24/1803\nhttps://www.openwall.com/lists/kernel-hardening/2020/03/25/1"], "threat_severity": "Moderate"}