20 matches found

SUSE CVE
added 2023/02/15 4:26 a.m. | 3 views

SUSE CVE-2018-13405

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

CVSS 4.4 | AI score 6 | EPSS 0.01018
Exploits: 2 | References: 32
Tenable Nessus
added 2022/10/25 12:0 a.m. | 44 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-021 (ALASKERNEL-5.10-2022-021)

The version of kernel installed on the remote host is prior to 5.10.147-133.644. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-021 advisory. A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allow...

CVSS 7.8 | AI score 6.3 | EPSS 0.0127
Exploits: 2 | References: 45
Debian
added 2022/10/18 9:6 p.m. | 53 views

[SECURITY] [DSA 5257-1] linux security update

Debian Security Advisory DSA-5257-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2022 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 8.8 | EPSS 0.03763
Exploits: 10
BDU FSTEC
added 2022/09/23 12:0 a.m. | 4 views

The vulnerability of the inode_init_owner function in the fs/inode.c component of the Linux operating system allows a hacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the inode_init_owner function in the fs/inode.c component of the Linux operating system’s kernel is related to insecure privilege management. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 7.8 | AI score 6.4 | EPSS 0.01018
Exploits: 2 | References: 8 | Affected Software: 2
NVD
added 2022/08/24 4:15 p.m. | 28 views

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

CVSS 7.8 | EPSS 0.00279
Exploits: 0 | References: 7
CVE
added 2022/08/24 12:0 a.m. | 406 views

CVE-2021-4037

Summary: CVE-2021-4037 affects the Linux kernel’s inode_init_owner() logic for XFS SGID directories, enabling local users to create files with unintended group ownership and SGID/group-exec bits when the directory is SGID and writable to non-group members. The issue is linked to a missed fix rela...

CVSS 7.8 | AI score 7.7 | EPSS 0.00279
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2021/12/01 7:19 a.m. | 45 views

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

CVSS 7.8 | AI score 0.6 | EPSS 0.01018
Exploits: 2 | References: 5
Tenable Nessus
added 2019/08/28 12:0 a.m. | 47 views

RHEL 7 : kernel (RHSA-2019:2566)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2566 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Missing check in...

CVSS 7.8 | AI score 6.4 | EPSS 0.01018
Exploits: 2 | References: 4
Veracode
added 2019/05/16 3:18 a.m. | 33 views

Privilege Escalation

Linux kernel is vulnerable to privilege escalation vulnerability. This exists in the function inode_init_owner of the file fs/inode.c. Local users could create files with an unintended group ownership and SGID permission bits set, when a directory is SGID and belongs to a certain group and is...

CVSS 7.8 | AI score 7.7 | EPSS 0.01018
Exploits: 3 | References: 51 | Affected Software: 2
Tenable Nessus
added 2019/04/12 12:0 a.m. | 50 views

Oracle Linux 6 : kernel (ELSA-2019-0717)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0717 advisory. - fs Fix up non-directory creation in SGID directories Miklos Szeredi 1600951 CVE-2018-13405 - fs hugetlbfs: switch to inode_init_owner Miklos Szeredi 1600951...

CVSS 7.8 | AI score 6.5 | EPSS 0.01018
Exploits: 2 | References: 2
Tenable Nessus
added 2018/12/11 12:0 a.m. | 53 views

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1406)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Missing check in fs/inode.c:inode_init_owner does not clear SGID bit on non-directories for non-members. CVE-2018-13405 - fuse-backed file mmap-ed...

CVSS 7.8 | AI score 6.6 | EPSS 0.07291
Exploits: 15 | References: 4
Tenable Nessus
added 2018/08/16 12:0 a.m. | 97 views

Debian DLA-1466-1 : linux-4.9 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 SegmentSmack Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially...

CVSS 7.8 | AI score 6.7 | EPSS 0.7354
Exploits: 2 | References: 5
Debian
added 2018/08/15 12:18 p.m. | 74 views

[SECURITY] [DLA 1466-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.110-3+deb9u2deb8u1 CVE ID : CVE-2018-5390 CVE-2018-5391 CVE-2018-13405 Debian Bug : 893393 903122 903767 903776 903838 903914 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service...

CVSS 7.8 | AI score 6.7 | EPSS 0.7354
Exploits: 2
Tenable Nessus
added 2018/08/07 12:0 a.m. | 81 views

Debian DSA-4266-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. - CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted...

CVSS 7.8 | AI score 6.6 | EPSS 0.7354
Exploits: 2 | References: 7
Debian
added 2018/08/06 6:39 p.m. | 65 views

[SECURITY] [DSA 4266-1] linux security update

Debian Security Advisory DSA-4266-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2018 https://www.debian.org/security/faq -...

CVSS 7.8 | AI score 2.4 | EPSS 0.7354
Exploits: 2
Debian
added 2018/08/06 6:39 p.m. | 49 views

[SECURITY] [DSA 4266-1] linux security update

Debian Security Advisory DSA-4266-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2018 https://www.debian.org/security/faq -...

CVSS 7.8 | AI score 8.2 | EPSS 0.7354
Exploits: 2
CNVD
added 2018/07/10 12:0 a.m. | 2 views

Linux kernel design vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability in the 'inode_init_owner' function of the fs/inode.c file in Linux kernel versions 4.17.4 and earlier allows local users to create files with...

CVSS 7.8 | AI score 5.8 | EPSS 0.01018
Exploits: 2 | References: 1
OSV
added 2018/07/06 2:29 p.m. | 37 views

CVE-2018-13405

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

CVSS 7.8 | AI score 6.8
Exploits: 0 | References: 28
Debian CVE
added 2018/07/06 2:0 p.m. | 44 views

CVE-2018-13405

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

CVSS 7.8 | AI score 6.5 | EPSS 0.01018
Exploits: 2
CVE
added 2018/07/06 2:0 p.m. | 654 views

CVE-2018-13405

CVE-2018-13405 involves the Linux kernel inode_init_owner() logic where, in a scenario with an SGID directory writable by a user who is not in that group, a local user could create a plain file with the SGID group ownership and executable bits, effectively escalating privileges. Connected docume...

CVSS 7.8 | AI score 6.5 | EPSS 0.01018
Exploits: 2 | References: 28 | Affected Software: 1