Updated: 2022-05-31 05:54:10.872752
A vulnerability was found in the logic of the inode_init_owner() function (fs/inode.c) in the Linux kernel. It allows local users to create files on the XFS file system with an unintended group ownership and with the group-execute and SGID permission bits set, in a scenario where a directory is SGID, belongs to a certain group, and is writable by a user who is not a member of this group. This can grant excessive permissions in cases where they should not be granted. This vulnerability is similar to the earlier CVE-2018-13405 and adds the fix that was missed for XFS.
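An audit sketch for the scenario described above, added here as an example and not taken from the advisory or the kernel source: it flags SGID directories writable by "other" and regular files carrying SGID plus group-execute whose owner is not in the file's group. The function names are hypothetical, only mode bits are inspected (no ACLs), and group membership is resolved from the local passwd/group databases.

```python
import grp, os, pwd, stat, sys

def owner_in_group(uid, gid):
    """True if gid is the primary or a supplementary group of uid."""
    try:
        user = pwd.getpwuid(uid)
    except KeyError:
        return False  # unknown uid: treat as non-member
    if user.pw_gid == gid:
        return True
    try:
        return user.pw_name in grp.getgrgid(gid).gr_mem
    except KeyError:
        return False

def risky_sgid_dir(mode):
    """SGID directory writable by 'other', i.e. by users outside its group."""
    return (stat.S_ISDIR(mode) and bool(mode & stat.S_ISGID)
            and bool(mode & stat.S_IWOTH))

def suspicious_sgid_file(mode, uid, gid, member=owner_in_group):
    """Regular file with SGID + group-execute whose owner is not in its group.
    Root-owned files are skipped: root may set SGID for any group."""
    bits = stat.S_ISGID | stat.S_IXGRP
    return (stat.S_ISREG(mode) and (mode & bits) == bits
            and uid != 0 and not member(uid, gid))

def scan(root):
    """Walk root without following symlinks; return (finding, path) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if risky_sgid_dir(st.st_mode):
                findings.append(("sgid-dir-writable-by-others", path))
            elif suspicious_sgid_file(st.st_mode, st.st_uid, st.st_gid):
                findings.append(("sgid-exec-file-owner-not-in-group", path))
    return findings

if __name__ == "__main__":
    # Usage: python3 audit.py /mount/point   (path is an assumption)
    for kind, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(kind, path)
```

The first finding marks directories where the described precondition exists; the second marks files that already show the unintended result and deserve a manual review.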

| Scoring system | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | MEDIUM | 4.4 |

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 8.4 ELS | kernel | 4.18.0-305.25.1 | Needs triage | | 2022-05-11 02:25:03.397349 |
| CentOS 8.5 ELS | kernel | 4.18.0-348.7.1 | Needs triage | | 2022-05-11 02:25:10.682037 |