Bug 1869141 (CVE-2020-24394)
| Summary: | CVE-2020-24394 kernel: umask not applied on filesystem without ACL support | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, airlied, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, ptalbert, qzhao, rkeshri, rt-maint, rvrbovsk, steved, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the "noacl" mount option). This flaw allows a local attacker with a user privilege to cause a kernel information leak problem.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-12-15 22:18:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1869153, 1870215, 1870217, 1870218, 1870219, 1870220, 1872311, 1916425, 1916426, 1916427, 1916719, 1916720, 1916721 | ||
| Bug Blocks: | 1848531 | ||
|
Description
Dhananjay Arunesh
2020-08-17 04:34:29 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1869153] This was fixed for Fedora with the 5.7.8 stable kernel updates. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5437 https://access.redhat.com/errata/RHSA-2020:5437 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5441 https://access.redhat.com/errata/RHSA-2020:5441 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-24394 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:0526 https://access.redhat.com/errata/RHSA-2021:0526 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:0760 https://access.redhat.com/errata/RHSA-2021:0760 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:0878 https://access.redhat.com/errata/RHSA-2021:0878 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739 |