CVE-2020-12826

Public on 2020-05-11

Modified on 2020-07-15

Description

A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.

Severity

Medium

See what this means

CVSS v3 Base Score

5.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	kernel	2020-05-11 20:43	ALAS-2020-1366
Amazon Linux 1	kernel	2020-06-23 06:02	ALAS-2020-1382
Amazon Linux 2 - Core	kernel	2020-06-16 18:21	ALAS2-2020-1440

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
NVD	CVSSv3	5.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
NVD	CVSSv2	4.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

References

Red Hat: CVE-2020-12826 Mitre: CVE-2020-12826 FAQs regarding Amazon Linux ALAS/CVE Severity