ALAS2-2020-1440 --- kernel, perf, python-perfID: oval:org.secpod.oval:def:1700348 | Date: (C)2020-06-23 (M)2024-04-17 |
Class: PATCH | Family: unix |
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body
Product: |
kernel |
perf |
python-perf |