Lucene search
RedhatCVELIST:CVE-2021-4037HistoryAug 24, 2022 - 12:00 a.m.
CVE-2021-4037
2022-08-2400:00:00
CWE-284
redhat
www.cve.org
6
linux kernel
vulnerability
unintended group ownership
excessive permissions
xfs file-system
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.
CNA Affected
[
{
"vendor": "n/a",
"product": "Kernel",
"versions": [
{
"version": "Fixed in Linux-kernel v5.11-rc1",
"status": "affected"
}
]
}
]References
access.redhat.com/security/cve/CVE-2021-4037
bugzilla.redhat.com/show_bug.cgi?id=2004810
bugzilla.redhat.com/show_bug.cgi?id=2027239
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848
lists.debian.org/debian-lts-announce/2022/11/msg00001.html
www.debian.org/security/2022/dsa-5257
Related
nvd
nvd
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2022-08-24 16:15:00
Design/Logic Flaw
2018-07-06 14:29:00
Design/Logic Flaw
2022-08-29 15:15:00
nessus
nessus
NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2023-0107)
2023-12-27 00:00:00
RHEL 8 : kernel-rt (RHSA-2022:4835)
2022-05-31 00:00:00
RHEL 8 : kernel (RHSA-2022:4829)
2022-05-31 00:00:00
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2023:1091)
2023-03-09 00:00:00
CentOS Update for kernel CESA-2019:0717 centos6
2019-04-13 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1523)
2022-04-25 00:00:00
redhat
redhat
(RHSA-2023:1091) Important: kernel security and bug fix update
2023-03-07 08:56:12
(RHSA-2022:4835) Important: kernel-rt security and bug fix update
2022-05-31 10:00:31
(RHSA-2022:4829) Important: kernel security, bug fix, and enhancement update
2022-05-31 10:00:13
centos
centos
bpftool, kernel, perf, python security update
2023-03-08 16:36:50
kernel, perf, python security update
2019-04-12 13:58:58
bpftool, kernel, perf, python security update
2022-08-15 17:35:43
veracode
veracode
Privilege Escalation
2019-05-16 03:18:36
cvelist
cvelist
CVE-2018-13405
2018-07-06 14:00:00
CVE-2022-0358
2022-08-29 00:00:00
virtuozzo
virtuozzo
oraclelinux
oraclelinux
kernel security and bug fix update
2019-04-11 00:00:00
Unbreakable Enterprise kernel security update
2018-09-10 00:00:00
Unbreakable Enterprise kernel security update
2018-09-04 00:00:00
osv
osv
CVE-2018-13405
2018-07-06 14:29:01
Moderate: virt:rhel and virt-devel:rhel security update
2022-03-15 09:10:17
Moderate: virt:rhel and virt-devel:rhel security update
2022-03-15 09:10:17
f5
f5
K00854051 : Linux kernel vulnerability CVE-2018-13405
2019-05-09 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-4037 affecting package kernel 5.10.153.1-1
2022-12-06 23:44:46
zdt
zdt
cnvd
cnvd
Linux kernel access control error vulnerability (CNVD-2022-74085)
2022-10-22 00:00:00
QEMU Elevation of Privilege Vulnerability (CNVD-2022-84163)
2022-01-27 00:00:00
debian
debian
[SECURITY] [DSA 4266-1] linux security update
2018-08-06 18:39:46
[SECURITY] [DSA 4266-1] linux security update
2018-08-06 18:39:46
[SECURITY] [DLA 1466-1] linux-4.9 security update
2018-08-15 12:18:26
almalinux
almalinux
Moderate: virt:rhel and virt-devel:rhel security update
2022-03-15 09:10:17
fedora
fedora
[SECURITY] Fedora 35 Update: qemu-6.1.0-14.fc35
2022-02-15 01:38:50
[SECURITY] Fedora 34 Update: qemu-5.2.0-9.fc34
2022-02-25 17:03:11
rocky
rocky
virt:rhel and virt-devel:rhel security update
2022-03-15 09:10:17
amazon
amazon
Critical: kernel
2018-08-04 23:48:00
Critical: kernel
2018-08-04 23:49:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0275
2022-11-04 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0461
2022-10-01 00:00:00
Important Photon OS Security Update - PHSA-2022-0522
2022-09-23 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2018-07-28 15:09:53
Security update for the Linux Kernel (important)
2021-11-11 00:00:00
Security update for the Linux Kernel (important)
2021-11-09 00:00:00
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801q
2018-10-10 21:05:01
cloudlinux
cloudlinux
kernel: Fix of 7 CVEs
2024-02-29 11:04:23
kernel: Fix of 7 CVEs
2024-02-29 11:06:21
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-08-24 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-08-24 00:00:00
Linux kernel vulnerabilities
2022-09-30 00:00:00
cloudfoundry
cloudfoundry
USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
mageia
mageia
Updated kernel packages fixes security vulnerabilities
2018-07-25 11:24:17