kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

🗓️ 10 Dec 2019 12:03:31Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Kernel flaw in inode_init_owner leaves SGID uncleared for non-directories when user is not in the group.

Reporter	Title	Published	Views	Family All 485
0day.today	Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit	16 Jul 201800:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801q	10 Oct 201821:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities	27 Jun 201908:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM	17 May 201916:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect is affected by multiple third-party vulnerabilities (Node.js, nghttp2, Linux, Intel CPU, Android)	31 Oct 201820:10	–	ibm
Tenable Nessus	Amazon Linux 2022 : qemu, qemu-audio-alsa, qemu-audio-oss (ALAS2022-2022-050)	6 Sep 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0119: virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0119)	14 May 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: qemu / qemu-kvm (CVE-2022-0358)	10 Feb 202500:00	–	nessus
Tenable Nessus	CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:0886)	15 Mar 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7.3	ppc64le	kernel	0:3.10.0-514.71.1.el7	kernel-0:3.10.0-514.71.1.el7.ppc64le.rpm
Red Hat Enterprise Linux	7.3	x86_64	kernel	0:3.10.0-514.71.1.el7	kernel-0:3.10.0-514.71.1.el7.x86_64.rpm
Red Hat Enterprise Linux	7.3	any	kernel-abi-whitelists	0:3.10.0-514.71.1.el7.noarch	kernel-abi-whitelists-0:3.10.0-514.71.1.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7.3	ppc64le	kernel-bootwrapper	0:3.10.0-514.71.1.el7	kernel-bootwrapper-0:3.10.0-514.71.1.el7.ppc64le.rpm
Red Hat Enterprise Linux	7.3	ppc64le	kernel-debug	0:3.10.0-514.71.1.el7	kernel-debug-0:3.10.0-514.71.1.el7.ppc64le.rpm
Red Hat Enterprise Linux	7.3	x86_64	kernel-debug	0:3.10.0-514.71.1.el7	kernel-debug-0:3.10.0-514.71.1.el7.x86_64.rpm
Red Hat Enterprise Linux	7.3	ppc64le	kernel-debug-debuginfo	0:3.10.0-514.71.1.el7	kernel-debug-debuginfo-0:3.10.0-514.71.1.el7.ppc64le.rpm
Red Hat Enterprise Linux	7.3	x86_64	kernel-debug-debuginfo	0:3.10.0-514.71.1.el7	kernel-debug-debuginfo-0:3.10.0-514.71.1.el7.x86_64.rpm
Red Hat Enterprise Linux	7.3	ppc64le	kernel-debug-devel	0:3.10.0-514.71.1.el7	kernel-debug-devel-0:3.10.0-514.71.1.el7.ppc64le.rpm
Red Hat Enterprise Linux	7.3	x86_64	kernel-debug-devel	0:3.10.0-514.71.1.el7	kernel-debug-devel-0:3.10.0-514.71.1.el7.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2018-13405
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-13405
cve	www.cve.org/CVERecord

25 Jun 2026 10:54Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24.6

CVSS 3.17.8

EPSS0.01018

kernel vulnerability inode init owner sgid bit non directories non members group ownership local user