Published: 06/02/2017 Updated: 03/10/2019

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8

VMScore: 321

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

The simple_set_acl function in fs/posix_acl.c in the Linux kernel prior to 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Moderate: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing a local attacker to escalate privileg ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the Linux kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the Linux kernel ...

A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their p ...

NVD-CWE-noinfo https://github.com/torvalds/linux/commit/497de07d89c1410d76a15bec2bb41f24a2a89f31 https://bugzilla.redhat.com/show_bug.cgi?id=1416126 http://www.openwall.com/lists/oss-security/2017/01/21/3 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=497de07d89c1410d76a15bec2bb41f24a2a89f31 http://www.securityfocus.com/bid/95717 http://www.securitytracker.com/id/1038053 http://www.debian.org/security/2017/dsa-3791 https://access.redhat.com/errata/RHSA-2017:0817 https://nvd.nist.gov https://usn.ubuntu.com/3234-1/https://www.debian.org/security/./dsa-3791

CVE-2017-5551

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect