Lucene search

K
cveMitreCVE-2020-24394
HistoryAug 19, 2020 - 1:15 p.m.

CVE-2020-24394

2020-08-1913:15:10
CWE-732
mitre
web.nvd.nist.gov
299
4
linux
kernel
cve-2020-24394
nfs
server
permissions
umask
security
vulnerability

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

18.9%

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<5.7.8
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch20.04lts
Node
opensuseleapMatch15.1
Node
oraclesd-wan_edgeMatch8.2
Node
starwindsoftwarestarwind_virtual_sanMatchv8build12533vsphere
OR
starwindsoftwarestarwind_virtual_sanMatchv8build12658vsphere
OR
starwindsoftwarestarwind_virtual_sanMatchv8build12859vsphere
OR
starwindsoftwarestarwind_virtual_sanMatchv8build13170vsphere
OR
starwindsoftwarestarwind_virtual_sanMatchv8build13586vsphere
OR
starwindsoftwarestarwind_virtual_sanMatchv8build13861vsphere
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
oraclesd-wan_edge8.2cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*
starwindsoftwarestarwind_virtual_sanv8cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*
starwindsoftwarestarwind_virtual_sanv8cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*
starwindsoftwarestarwind_virtual_sanv8cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*
Rows per page:
1-10 of 131

Social References

More

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

18.9%