CVE-2020-35508 — Improper Initialization in Kernel
Severity
4.5MEDIUMNVD
OSV5.4OSV4.1
EPSS
0.1%
top 83.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 26
Latest updateFeb 14
Description
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4
Affected Packages7 packages
Also affects: Enterprise Linux 8.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-467m-6jmp-65g9: A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification↗2022-05-24
OSV▶
CVE-2020-35508: A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification↗2021-03-26
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-02-25
📋Vendor Advisories
6Microsoft▶
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local ↗2021-03-09