Lucene search

K
nvd[email protected]NVD:CVE-2014-9710
HistoryMay 27, 2015 - 10:59 a.m.

CVE-2014-9710

2015-05-2710:59:00
CWE-362
web.nvd.nist.gov
7

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<3.10.83
OR
linuxlinux_kernelRange3.113.12.45
OR
linuxlinux_kernelRange3.133.14.47
OR
linuxlinux_kernelRange3.153.16.35
OR
linuxlinux_kernelRange3.173.18.19
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%