Acknowledged
Created: May 10, 2020
Updated: Jun 29, 2020
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.
CREATE(Triage):(User=admin) [CVE-2019-20794|https://nvd.nist.gov/vuln/detail/CVE-2019-20794]
