CVE-2020-24394

CVE	CVE-2020-24394
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-08-19 13:15:00 UTC
Updated	2022-10-25 17:03:00 UTC
Description	In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

Problem Types: CWE-732

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Application	Oracle	Sd-wan Edge	8.2	All	All	All
Application	Starwindsoftware	Starwind Virtual San	-	All	All	All
Application	Starwindsoftware	Starwind Virtual San	v8	build12533	All	All
Application	Starwindsoftware	Starwind Virtual San	v8	build12658	All	All
Application	Starwindsoftware	Starwind Virtual San	v8	build12859	All	All
Application	Starwindsoftware	Starwind Virtual San	v8	build13170	All	All
Application	Starwindsoftware	Starwind Virtual San	v8	build13586	All	All
Application	Starwindsoftware	Starwind Virtual San	v8	build13861	All	All

Reference	Source	Link	Tags
[security-announce] openSUSE-SU-2020:1325-1: important: Security update	SUSE	lists.opensuse.org	Third Party Advisory
USN-4483-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
#962254 - NFSv4.2: umask not applied on filesystem without ACL support - Debian Bug report logs	MISC	bugs.debian.org	Issue Tracking, Third Party Advisory
CVE-2020-24394 Linux Kernel vulnerability in StarWind VSAN for vSphere (VSA)	MISC	www.starwindsoftware.com
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org	Patch, Vendor Advisory
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8	MISC	cdn.kernel.org	Release Notes, Vendor Advisory
CVE-2020-24394 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
USN-4465-1: linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
USN-4485-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
Oracle Critical Patch Update Advisory - April 2021	MISC	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

159185 Oracle Enterprise Linux Security Update for kernel (ELSA-2021-1578)
239314 Red Hat Update for kernel-rt (RHSA-2021:1739)
239339 Red Hat Update for kernel (RHSA-2021:1578)
900078 CBL-Mariner Linux Security Update for kernel 5.4.91
903124 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3510)
905770 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3510-1)
940354 AlmaLinux Security Update for kernel (ALSA-2021:1578)