CVE-2021-25314
Summary
| CVE | CVE-2021-25314 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-14 15:15:00 UTC |
| Updated | 2023-04-14 18:49:00 UTC |
| Description | A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. |
Risk And Classification
Problem Types: CWE-378
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Suse | Hawk2 | All | All | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 12 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 12 | sp5 | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 15 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 1182166 – VUL-0: CVE-2021-25314: hawk: Insecure file permissions | CONFIRM | bugzilla.suse.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Johannes Segitz of SUSE
Legacy QID Mappings
- 750296 OpenSUSE Security Update for hawk2 (openSUSE-SU-2021:0473-1)