CVE-2020-24394
moderate-risk
Published 2020-08-19
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
LOCAL
/ LOW complexity
Affected Products (13)
Affected Vendors
References (20)
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
Issue Tracking
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200904-0003/
Third Party Advisory
https://usn.ubuntu.com/4465-1/
Third Party Advisory
https://usn.ubuntu.com/4483-1/
Third Party Advisory
https://usn.ubuntu.com/4485-1/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20210325-0004/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
Issue Tracking
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200904-0003/
Third Party Advisory
https://usn.ubuntu.com/4465-1/
Third Party Advisory
https://usn.ubuntu.com/4483-1/
Third Party Advisory
https://usn.ubuntu.com/4485-1/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20210325-0004/
39
/ 100
moderate-risk
Severity
22/34 · High
Exploitability
0/34 · Minimal
Exposure
17/34 · Moderate