Bugzilla – Bug 1171985
VUL-1: CVE-2020-10741: kernel-source: possible to send arbitrary signals to a privileged (suidroot) parent process
Last modified: 2020-07-28 09:50:07 UTC
rh#1822077

A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. The most likely attack vector is a local user attempting to attack a setuid process.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10741
https://bugzilla.redhat.com/show_bug.cgi?id=1822077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10741
https://www.openwall.com/lists/kernel-hardening/2020/03/25/1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10741
https://git.zx2c4.com/CVE-2012-0056/about/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e268337dfe26dfc7efd422a804dbb27977a3cccc
https://www.cvedetails.com/cve/CVE-2009-1337/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da
https://lists.openwall.net/linux-kernel/2020/03/24/1803
https://www.openwall.com/lists/oss-security/2012/01/22/5
https://lore.kernel.org/patchwork/patch/150993/

This can be ignored [1]
CVE-2020-12826 --> bsc#1171727 should be used instead.
Closing

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-10741