CVE-2020-35513
kernel: Nfsd failure to clear umask after processing an open or create
Public Exploits: 0
Exploited in Wild: -
Descriptions
An incorrect-umask flaw during file or directory modification was found in the Linux kernel's NFS (network file system) functionality, in the way a user creates and deletes objects using NFSv4.2 or newer while the NFS is simultaneously accessed by another process that is not using NFSv4.2. A user with access to the NFS could use this flaw to starve resources, causing a denial of service.
SSVC
- Decision: -
Timeline
- 2020-12-17 CVE Reserved
- 2021-01-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-271: Privilege Dropping / Lowering Errors
References (3)
URL | Tag | Source |
---|---|---|
https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297%40fieldses.org | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1911309 | 2021-02-02 |
https://access.redhat.com/security/cve/CVE-2020-35513 | 2021-02-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | 4.2 | - | Affected |
Redhat | Enterprise Linux | 7.0 | - | Affected |