First published: Fri Jun 05 2020
A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to apply the umask correctly when creating a new object on a filesystem without ACL support (for example, ext4 with the "noacl" mount option). This flaw could allow a local attacker with user privileges to cause a kernel information leak.

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1160.11.1.rt56.1145.el7 | 0:3.10.0-1160.11.1.rt56.1145.el7 |
redhat/kernel | <0:3.10.0-1160.11.1.el7 | 0:3.10.0-1160.11.1.el7 |
redhat/kernel | <0:3.10.0-693.82.1.el7 | 0:3.10.0-693.82.1.el7 |
redhat/kernel | <0:3.10.0-957.70.1.el7 | 0:3.10.0-957.70.1.el7 |
redhat/kernel | <0:3.10.0-1062.45.1.el7 | 0:3.10.0-1062.45.1.el7 |
redhat/kernel-rt | <0:4.18.0-305.rt7.72.el8 | 0:4.18.0-305.rt7.72.el8 |
redhat/kernel | <0:4.18.0-305.el8 | 0:4.18.0-305.el8 |
Linux Linux kernel | <5.7.8 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
openSUSE Leap | =15.1 | |
Oracle SD-WAN Edge | =8.2 | |
Starwindsoftware Starwind Virtual San Vsphere | =v8-build12533 | |
Starwindsoftware Starwind Virtual San Vsphere | =v8-build12658 | |
Starwindsoftware Starwind Virtual San Vsphere | =v8-build12859 | |
Starwindsoftware Starwind Virtual San Vsphere | =v8-build13170 | |
Starwindsoftware Starwind Virtual San Vsphere | =v8-build13586 | |
Starwindsoftware Starwind Virtual San Vsphere | =v8-build13861 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
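
An added example, not part of the original advisory: a Python check that correlates /etc/exports with /proc/mounts and reports exported paths whose backing filesystem is mounted with the "noacl" option named in the description. The sample data is constructed and the function names are hypothetical. It detects only the explicit mount option, not filesystems that lack ACL support for other reasons, and assumes unquoted export paths without spaces or line continuations.

```python
import posixpath
# Constructed sample data (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/share ext4 rw,relatime,noacl 0 0
/dev/sdc1 /srv/share/acl ext4 rw,relatime 0 0
"""
SAMPLE_EXPORTS = """\
# constructed sample
/srv/share/projects 192.0.2.0/24(rw,sync)
/srv/share/acl/team *(rw)
/home 192.0.2.10(ro)
"""

def parse_mounts(text):
    """Return {mount_point: set(options)} from /proc/mounts-style text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def parse_exports(text):
    """Return exported paths from /etc/exports-style text, skipping comments."""
    paths = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            paths.append(posixpath.normpath(line.split()[0]))
    return paths

def backing_mount(path, mounts):
    """Longest mount point that is the path itself or one of its parents."""
    while True:
        if path in mounts:
            return path
        if path in ("/", ""):
            return None
        path = posixpath.dirname(path)

def exports_on_noacl(mounts_text, exports_text):
    """Return (export_path, mount_point) pairs whose mount carries noacl."""
    mounts = parse_mounts(mounts_text)
    hits = ((p, backing_mount(p, mounts)) for p in parse_exports(exports_text))
    return [(p, mp) for p, mp in hits if mp is not None and "noacl" in mounts[mp]]

if __name__ == "__main__":
    print(exports_on_noacl(SAMPLE_MOUNTS, SAMPLE_EXPORTS))
```

On a real NFS server, pass the contents of /proc/mounts and /etc/exports instead of the sample strings.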