CVE-2020-35513 — Privilege Dropping / Lowering Errors in Linux

CWE-271 — Privilege Dropping / Lowering Errors6 documents6 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 45.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedJan 26

Latest updateSep 26

Description

A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

▶Debianlinux/linux_kernel< 4.16.5-1+3

▶CVEListV5linux/linux_kernelbefore kernel 4.17-rc1

▶NVDlinux/linux_kernel4.2

▶debiandebian/linux< linux 4.16.5-1 (bookworm)

Also affects: Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-7qpq-c35p-wc3c: A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user cre↗2022-05-24

▶

OSV

CVE-2020-35513: A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user cre↗2021-01-26

▶

📋Vendor Advisories

Red Hat

kernel: Nfsd failure to clear umask after processing an open or create↗2020-12-21

▶

Debian

CVE-2020-35513: linux - A flaw incorrect umask during file or directory modification in the Linux kernel...↗2020

▶

📄Research Papers

arXiv

Timeloops: Automatic System Call Policy Learning for Containerized Microservices↗2022-09-26

▶