CVE-2020-35508

Published: Mar 26, 2021Modified: Nov 21, 2024

4.5

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.0 / Impact: 3.4

Source: NVD

Description

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.

Affected (23)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux · Netapp: A700s Firmware, Brocade Fabric Operating System Firmware, Fas8300 Firmware, Fas8700 Firmware, Aff A400 Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H300e Firmware, H500e Firmware, H700e Firmware, H410s Firmware, H410c Firmware, H610c Firmware, H610s Firmware, H615c Firmware

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.12
Linux Linux Kernel	Version 5.12
Linux Linux Kernel	Version 5.12 rc1
Linux Linux Kernel	Version 5.12 rc2
Linux Linux Kernel	Version 5.12 rc3
Linux Linux Kernel	Version 5.12 rc4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A700s Firmware	All versions

Running on/with	Platform Versions
Netapp A700s	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Brocade Fabric Operating System Firmware	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fas8300 Firmware	All versions

Running on/with	Platform Versions
Netapp Fas8300	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fas8700 Firmware	All versions

Running on/with	Platform Versions
Netapp Fas8700	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff A400 Firmware	All versions

Running on/with	Platform Versions
Netapp Aff A400	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610c Firmware	All versions

Running on/with	Platform Versions
Netapp H610c	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H615c Firmware	All versions

Running on/with	Platform Versions
Netapp H615c	All versions

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CWE-665

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=1902724

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948

Source: secalert@redhat.com

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20210513-0006/

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1902724

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20210513-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.