CVE-2020-24394

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

Published: Aug 19, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-24394
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	5.7.8
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	16.04	16.04.x
opensuse / leap	15.1	15.1.x
oracle / sd-wan_edge	8.2	8.2.x
starwindsoftware / starwind_virtual_san	8-build12533	8-build12533.x
starwindsoftware / starwind_virtual_san	8-build12658	8-build12658.x
starwindsoftware / starwind_virtual_san	8-build12859	8-build12859.x
starwindsoftware / starwind_virtual_san	8-build13170	8-build13170.x
starwindsoftware / starwind_virtual_san	8-build13586	8-build13586.x
starwindsoftware / starwind_virtual_san	8-build13861	8-build13861.x

Vulnerability Database

289,599

CVE-2020-24394