CVE-2024-46695 — Incorrect Default Permissions in Linux

CWE-276 — Incorrect Default Permissions CWE-287 — Improper Authentication30 documents7 sources

Severity

4.4MEDIUMNVD

OSV8.8OSV5.5

EPSS

0.0%

top 99.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +7 more

Timeline

PublishedSep 13

Latest updateJan 20

Description

In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the call…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages12 packages

▶NVDlinux/linux_kernel6.7 — 6.10.8+2

▶Debianlinux/linux_kernel< 5.10.234-1+3

▶Ubuntulinux/linux_kernel< 5.15.0-127.137+1

▶msrcmsrc/azl3_kernel_6.6.47.1-1_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.51.1-5_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-xilinx-zynqmp vulnerabilities↗2025-01-20

▶

OSV

linux-azure, linux-intel-iotg-5.15 vulnerabilities↗2025-01-09

▶

OSV

linux-azure, linux-azure-6.8 vulnerabilities↗2025-01-09

▶

OSV

linux-azure-5.15 vulnerabilities↗2025-01-09

▶

OSV

linux-hwe-6.8 vulnerabilities↗2025-01-06

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Xilinx ZynqMP) vulnerabilities↗2025-01-20

▶

Ubuntu

Linux kernel vulnerabilities↗2025-01-09

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-01-09

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-01-09

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2025-01-06

▶