MNBSD-2020-2: compat32 sendmsg(2) TOCTOU allows privilege escalation

Severity: Unknown

Affected Package: kernel

Summary: compat32 sendmsg(2) TOCTOU allows privilege escalation

Description

When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message into kernel memory and adjusts the alignment of control message headers. The code contained a time-of-check-to-time-of-use (TOCTOU) flaw that allowed a malicious userspace program to modify control message headers after they were validated by the kernel, which could be leveraged for privilege escalation.
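The check-then-use pattern described above, modeled in user space as an added example; it is not the affected kernel's code. The `cmsg32` layout, `KBUF`, `race_hook`, `grow_len` and both copy functions are assumptions made for illustration, and the hook stands in for a second thread writing to the user buffer between the two reads.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified 32-bit control message header (constructed, not the kernel's). */
struct cmsg32 { uint32_t len; int32_t level; int32_t type; };

#define KBUF 64                    /* size of the kernel-side buffer */
static void (*race_hook)(void *);  /* stands in for a concurrent user thread */

/* Constructed concurrent writer: enlarges the length field (offset 0). */
void grow_len(void *user) { uint32_t big = 4096; memcpy(user, &big, sizeof(big)); }

static int len_ok(uint32_t len, size_t ulen)
{
    return len >= sizeof(struct cmsg32) && len <= ulen && len <= KBUF;
}

/* Flawed pattern: validate one fetch of the header, act on a second fetch.
 * Returns 0 on success, -1 if rejected, -2 if the length used was never
 * validated (a real kernel would overrun kbuf here; the model only reports). */
int copy_double_fetch(void *user, size_t ulen, uint8_t *kbuf, size_t *used)
{
    struct cmsg32 h;
    if (ulen < sizeof(h)) return -1;
    memcpy(&h, user, sizeof(h));              /* fetch 1: check */
    if (!len_ok(h.len, ulen)) return -1;
    if (race_hook) race_hook(user);           /* window between check and use */
    memcpy(&h, user, sizeof(h));              /* fetch 2: use */
    *used = h.len;
    if (!len_ok(h.len, ulen)) return -2;      /* tripwire added for the model */
    memcpy(kbuf, user, h.len);
    return 0;
}

/* Hardened pattern: fetch the header once, validate and use that snapshot. */
int copy_single_fetch(void *user, size_t ulen, uint8_t *kbuf, size_t *used)
{
    struct cmsg32 h;
    if (ulen < sizeof(h)) return -1;
    memcpy(&h, user, sizeof(h));              /* the only fetch of the header */
    if (race_hook) race_hook(user);           /* later writes cannot affect h */
    if (!len_ok(h.len, ulen)) return -1;
    memcpy(kbuf, &h, sizeof(h));              /* header comes from the snapshot */
    memcpy(kbuf + sizeof(h), (uint8_t *)user + sizeof(h), h.len - sizeof(h));
    *used = h.len;
    return 0;
}
```

In the hardened form the payload bytes can still change under the copy, but they are data only; every length and header field the kernel acts on comes from the validated snapshot.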

Affected Versions

kernel

Recommendations

No specific recommendations provided.

Additional Information

Aliases: CVE-2020-7460

Published: August 05, 2020
Last Modified: August 05, 2020