I don't see a CVE or even a proper bugref, but it's listed in the 'Security' category of news.

Author: Gregory P. Smith <email@example.com>
AuthorDate: 2022-10-21 00:30:09 +0200
Commit: GitHub <firstname.lastname@example.org>
CommitDate: 2022-10-21 00:30:09 +0200

gh-97514: Don't use Linux abstract sockets for multiprocessing (#98501)

Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into

This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
https://github.com/python/cpython/pull/18866 while fixing

Explicit use of an abstract socket by a user now generates a
RuntimeWarning. If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.

Hmm, pypy3 is also affected.
Very hard to call this a root privilege escalation without anything apparent to exploit, leaving at 3.
pypy3 cleanup done too.
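
A defender-side check for the issue the quoted commit message describes, added here as an example and not taken from the CPython commit or from this thread: it scans a table in `/proc/net/unix` layout for listening abstract sockets (shown there with a leading `@`), which have no filesystem permissions to restrict who may connect. The sample table, socket names and inodes are constructed, and both function names are hypothetical.

```python
import os

ACCEPTCON = 0x10000  # __SO_ACCEPTCON: Flags value the kernel reports for listeners

# Constructed sample in /proc/net/unix layout; names and inodes are made up.
SAMPLE = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 12345 @listener-4242-0
0000000000000000: 00000002 00000000 00010000 0001 01 23456 /tmp/pymp-k3x/listener-9f2
0000000000000000: 00000003 00000000 00000000 0001 03 34567 @example-connected
0000000000000000: 00000003 00000000 00000000 0001 03 45678
"""


def listening_abstract_sockets(table):
    """Return (inode, name) for every listening socket in the abstract namespace."""
    findings = []
    for line in table.splitlines()[1:]:      # skip the header row
        fields = line.split(None, 7)         # Path is the 8th field and may be absent
        if len(fields) < 8:
            continue                         # unnamed socket: nothing to connect to by name
        flags, inode, path = int(fields[3], 16), int(fields[6]), fields[7]
        # Abstract names are printed with '@' in place of the leading NUL byte.
        if path.startswith("@") and flags & ACCEPTCON:
            findings.append((inode, path))
    return findings


def is_abstract_address(address):
    """True if an AF_UNIX address (str or bytes) names an abstract socket."""
    if isinstance(address, bytes):
        return address[:1] == b"\0"
    return isinstance(address, str) and address.startswith("\0")


if __name__ == "__main__":
    proc = "/proc/net/unix"
    if os.path.exists(proc):                 # live table on Linux
        with open(proc) as fh:
            table = fh.read()
    else:                                    # otherwise fall back to the constructed sample
        table = SAMPLE
    for inode, name in listening_abstract_sockets(table):
        print(f"listening abstract socket: inode={inode} name={name}")
```

A filesystem socket, by contrast, can be placed in a directory only its owner can enter, so the second sample row is not flagged.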