SUSE CVE-2018-13405

The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-021 (ALASKERNEL-5.10-2022-021)

The version of kernel installed on the remote host is prior to 5.10.147-133.644. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-021 advisory. A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allow...

[SECURITY] [DSA 5257-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5257-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2022 https://www.debian.org/security/faq -...

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

CVE-2021-4037

Summary: CVE-2021-4037 affects the Linux kernel’s inode_init_owner() logic for XFS SGID directories, enabling local users to create files with unintended group ownership and SGID/group-exec bits when the directory is SGID and writable to non-group members. The issue is linked to a missed fix rela...

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

RHEL 7 : kernel (RHSA-2019:2566)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2566 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Missing check in...

Privilege Escalation

Linux kernel is vulnerable to privilege escalation vulnerability. This exists in the function inodeinitowner of the file fs/inode.c. Local users could create files with an unintended group ownership and SGID permission bits set, when a directory is SGID and belongs to a certain group and is...

Oracle Linux 6 : kernel (ELSA-2019-0717)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0717 advisory. - fs Fix up non-directory creation in SGID directories Miklos Szeredi 1600951 CVE-2018-13405 - fs hugetlbfs: switch to inodeinitowner Miklos Szeredi 1600951...

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1406)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Missing check in fs/inode.c:inodeinitowner does not clear SGID bit on non-directories for non-members.CVE-2018-13405 - fuse-backed file mmap-ed...

Debian DLA-1466-1 : linux-4.9 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 SegmentSmack Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially...

[SECURITY] [DLA 1466-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.110-3+deb9u2deb8u1 CVE ID : CVE-2018-5390 CVE-2018-5391 CVE-2018-13405 Debian Bug : 893393 903122 903767 903776 903838 903914 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service...

Debian DSA-4266-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. - CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted...

[SECURITY] [DSA 4266-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4266-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4266-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4266-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2018 https://www.debian.org/security/faq -...

Linux kernel design vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability in the 'inodeinitowner' function of the fs/inode.c file in Linux kernel versions 4.17.4 and earlier allows local users to create files with...

CVE-2018-13405

The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

CVE-2018-13405

The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

CVE-2018-13405

CVE-2018-13405 involves the Linux kernel inode_init_owner() logic where, in a scenario with an SGID directory and a writably user who is not in that group, a local user could create a plain file with the SGID group ownership and executable bits, effectively escalating privileges. Connected docume...