Extended Lifecycle Support CVE dashboard by TuxCare


CVE-2021-4037

Updated: 2022-05-31 05:54:10.872752

Description:

A vulnerability was found in the logic of the fs/inode.c:inode_init_owner() function of the Linux kernel. It allows local users to create files on the XFS file system with an unintended group ownership and with the group execution and SGID permission bits set, in a scenario where a directory is SGID, belongs to a certain group, and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted where they should not be. This vulnerability is similar to the earlier CVE-2018-13405 and adds the fix that was missed for XFS.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | MEDIUM | 4.4 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 8.4 ELS | kernel | 4.18.0-305.25.1 | Needs triage | | 2022-05-11 02:25:03.397349 |
| CentOS 8.5 ELS | kernel | 4.18.0-348.7.1 | Needs triage | | 2022-05-11 02:25:10.682037 |