Bug 1869141 (CVE-2020-24394) - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support
Summary: CVE-2020-24394 kernel: umask not applied on filesystem without ACL support
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-24394
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1869153 1870215 1870217 1870218 1870219 1870220 1872311 1916425 1916426 1916427 1916719 1916720 1916721
Blocks: 1848531
TreeView+ depends on / blocked
 
Reported: 2020-08-17 04:34 UTC by Dhananjay Arunesh
Modified: 2024-03-25 16:18 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the "noacl" mount option). This flaw allows a local attacker with a user privilege to cause a kernel information leak problem.
Clone Of:
Environment:
Last Closed: 2020-12-15 22:18:40 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:0138 0 None None None 2021-01-14 11:41:31 UTC
Red Hat Product Errata RHBA-2021:2538 0 None None None 2021-06-23 18:05:56 UTC
Red Hat Product Errata RHBA-2021:2541 0 None None None 2021-06-24 11:50:53 UTC
Red Hat Product Errata RHSA-2020:5437 0 None None None 2020-12-15 11:12:13 UTC
Red Hat Product Errata RHSA-2020:5441 0 None None None 2020-12-15 11:17:12 UTC
Red Hat Product Errata RHSA-2021:0526 0 None None None 2021-02-16 08:35:04 UTC
Red Hat Product Errata RHSA-2021:0760 0 None None None 2021-03-09 09:18:54 UTC
Red Hat Product Errata RHSA-2021:0878 0 None None None 2021-03-16 14:53:36 UTC

Description Dhananjay Arunesh 2020-08-17 04:34:29 UTC
A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to apply umask correctly when creating a new object on filesystem without ACL support (for example, ext4 with the "noacl" mount option). This flaw could allow a local attacker with a user privilege to a kernel information leak problem.

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832

Comment 1 Dhananjay Arunesh 2020-08-17 05:57:21 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1869153]

Comment 3 Justin M. Forbes 2020-08-17 13:49:39 UTC
This was fixed for Fedora with the 5.7.8 stable kernel updates.

Comment 6 Rohit Keshri 2020-08-19 15:07:58 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 8 errata-xmlrpc 2020-12-15 11:12:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5437 https://access.redhat.com/errata/RHSA-2020:5437

Comment 9 errata-xmlrpc 2020-12-15 11:16:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5441 https://access.redhat.com/errata/RHSA-2020:5441

Comment 10 Product Security DevOps Team 2020-12-15 22:18:40 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-24394

Comment 13 errata-xmlrpc 2021-02-16 08:34:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:0526 https://access.redhat.com/errata/RHSA-2021:0526

Comment 14 errata-xmlrpc 2021-03-09 09:18:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:0760 https://access.redhat.com/errata/RHSA-2021:0760

Comment 15 errata-xmlrpc 2021-03-16 14:53:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0878 https://access.redhat.com/errata/RHSA-2021:0878

Comment 17 errata-xmlrpc 2021-05-18 13:19:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578

Comment 18 errata-xmlrpc 2021-05-18 14:40:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739


Note You need to log in before you can comment on or make changes to this bug.