Ssbr

**Name of the Vulnerable Software and Affected Versions** Python versions 3.9.x through 3.9.15 Python versions 3.10.x through 3.10.8 **Description** The issue is related to the Python multiprocessing library when used with the forkserver start method on Linux, allowing pickles to be deserialized from any user in the same machine local network namespace. This can lead to local user privilege escalation to the user that any forkserver process is running as, as pickles can execute arbitrary code. The forkserver start method is not the default start method, and this issue is Linux specific due to the support of abstract namespace sockets. **Recommendations** For Python versions 3.9.x through 3.9.15, set multiprocessing.util.abstract sockets supported to False as a workaround. For Python versions 3.10.x through 3.10.8, set multiprocessing.util.abstract sockets supported to False as a workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.