Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2020-24394

Disclosure Date: August 19, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.1 High
Impact Score:
5.2
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
None

General Information

Vendors

  • canonical,
  • linux,
  • opensuse,
  • oracle,
  • starwindsoftware

Products

  • leap 15.1,
  • linux kernel,
  • sd-wan edge 8.2,
  • starwind virtual san v8,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 20.04
Technical Analysis