CVE-2020-24394

Published: Aug 19, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8

USN-4465-1

vendor-advisory

openSUSE-SU-2020:1325

vendor-advisory

USN-4483-1

vendor-advisory

USN-4485-1

vendor-advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

https://security.netapp.com/advisory/ntap-20200904-0003/

https://www.starwindsoftware.com/security/sw-20210325-0004/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-24394

Description

Affected Products

References