Published: 16/10/2016 Updated: 12/02/2023

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8

VMScore: 321

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

The filesystem implementation in the Linux kernel up to and including 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Moderate: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Debian Bug report logs - #770492 linux-image-3160-4-686-pae: chown removes securitycapability xattr on other users' files (CVE-2015-1350) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Affects: wireshark-common, iputils-ping, fping Reported by: Ben Harris <bjh21@cama ...

A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their p ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the Linux kernel ...

It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way This could allow a local user to gain ...

CWE-285 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef http://www.openwall.com/lists/oss-security/2016/08/26/3 https://bugzilla.redhat.com/show_bug.cgi?id=1368938 https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef http://www.spinics.net/lists/linux-fsdevel/msg98328.html http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2 http://www.securityfocus.com/bid/92659 http://www.ubuntu.com/usn/USN-3147-1 http://www.ubuntu.com/usn/USN-3146-2 http://www.ubuntu.com/usn/USN-3146-1 https://source.android.com/security/bulletin/2017-04-01 http://www.securitytracker.com/id/1038201 https://access.redhat.com/errata/RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:1842 http://rhn.redhat.com/errata/RHSA-2017-0817.html https://support.f5.com/csp/article/K31603170?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/errata/RHSA-2017:0817 https://nvd.nist.gov https://usn.ubuntu.com/3161-4/https://alas.aws.amazon.com/ALAS-2017-805.html

CVE-2016-7097

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect