Lucene search

K
cvelistRedhatCVELIST:CVE-2008-3833
HistoryOct 03, 2008 - 5:18 p.m.

CVE-2008-3833

2008-10-0317:18:00
redhat
www.cve.org

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.