cbcvebase.
CVE-2008-1940
published 2008-04-25

CVE-2008-1940: The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the…

PriorityP413medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.32%
24.1th percentile
The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.

Affected

7 ranges
VendorProductVersion rangeFixed in
grsecuritygrsecurity_kernel_patch
grsecuritygrsecurity_kernel_patch
grsecuritygrsecurity_kernel_patch
grsecuritygrsecurity_kernel_patch
grsecuritygrsecurity_kernel_patch
grsecuritygrsecurity_kernel_patch
grsecuritygrsecurity_kernel_patch
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.