PT-2020-6080 · Linux+7 · Linux Kernel+7

Eddy Wu

Published

2020-11-08

Updated

2023-05-17

CVE-2020-35508

CVSS v3.1

4.5

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the Linux kernel's child/parent process identification handling while filtering signal handlers, related to a race condition and incorrect initialization of the process id. This issue can be exploited by a local attacker to bypass checks and send any signal to a privileged process, potentially allowing privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Time Of Check To Time Of Use

Race Condition

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367CWE-362CWE-665

Related Identifiers

ALSA-2021:1578

ALT-PU-2021-1833

ALT-PU-2021-1888

ALT-PU-2021-1896

ALT-PU-2021-1983

ALT-PU-2021-3481

ALT-PU-2022-1240

ALT-PU-2022-1419

ALT-PU-2022-1421

ALT-PU-2023-1814

AZL-6528

BDU:2021-02938

CESA-2021_1578

CESA-2021_1739

CVE-2020-35508

RHSA-2021:1578

RHSA-2021:1739

RHSA-2021:2718

RHSA-2021:2719

RHSA-2021_1578

RHSA-2021_1739

USN-4751-1

USN-4752-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Ubuntu

PT-2020-6080 · Linux+7 · Linux Kernel+7

CVE-2020-35508

Weakness Enumeration

Related Identifiers

Affected Products

References · 93