Severity: Unknown
Affected Package: kernel
Summary: compat32 sendmsg(2) TOCTOU allows privilege escalation
When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message into kernel memory and adjusts the alignment of control message headers. The code contained a time-of-check-to-time-of-use (TOCTOU) flaw that allowed a malicious userspace program to modify control message headers after they were validated by the kernel, which could be leveraged for privilege escalation.
No specific recommendations provided.
Aliases: CVE-2020-7460
Published: August 05, 2020
Last Modified: August 05, 2020
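The check-then-re-read pattern described in the summary, next to the single-fetch form that removes the race, as an added example that is not the affected kernel's code. It is a userspace model: `struct hdr32`, `KBUF_SIZE`, `racing_write` and the function names are assumptions made for illustration, and the sample message is constructed.

```c
#include <stdint.h>
#include <string.h>

#define KBUF_SIZE 64  /* kernel-side buffer size in this model */

/* Simplified 32-bit control message header, constructed for this example. */
struct hdr32 { uint32_t len; int32_t level; int32_t type; };

/* Models one copy of the header from user memory into kernel memory. */
static struct hdr32 fetch_hdr(const unsigned char *user) {
    struct hdr32 h;
    memcpy(&h, user, sizeof h);
    return h;
}
static int len_ok(uint32_t len, size_t user_size) {
    return len >= sizeof(struct hdr32) && len <= user_size && len <= KBUF_SIZE;
}
/* Stands in for a second userspace thread: enlarges len after validation. */
static void racing_write(unsigned char *user) {
    uint32_t big = 4096;
    memcpy(user, &big, sizeof big);
}
/* Flawed: len is checked on one fetch and trusted on a second. Returns the
 * length the copy step would use (no copy is made, so the model stays
 * memory-safe), or -1 if validation rejects the message. */
long len_used_double_fetch(unsigned char *user, size_t user_size) {
    if (!len_ok(fetch_hdr(user).len, user_size))  /* time of check */
        return -1;
    racing_write(user);                           /* race window */
    return (long)fetch_hdr(user).len;             /* time of use: re-read */
}
/* Hardened: fetch the header once, then validate and use only that copy. */
long len_used_single_fetch(unsigned char *user, size_t user_size,
                           unsigned char *kbuf) {
    struct hdr32 h = fetch_hdr(user);             /* single fetch */
    if (!len_ok(h.len, user_size))
        return -1;
    racing_write(user);                           /* same window, no effect */
    memcpy(kbuf, user + sizeof h, h.len - sizeof h);  /* bounded by snapshot */
    return (long)h.len;
}
/* Builds a valid 16-byte message (constructed) and runs one pattern. */
long demo(int hardened) {
    unsigned char user[16] = {0}, kbuf[KBUF_SIZE];
    uint32_t len = sizeof user;
    memcpy(user, &len, sizeof len);
    return hardened ? len_used_single_fetch(user, sizeof user, kbuf)
                    : len_used_double_fetch(user, sizeof user);
}
```

With the same racing write, the double-fetch path ends up with a length larger than the buffer it validated against, while the single-fetch path keeps the validated value.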