4.6

CVE-2010-2071

Exploit

EPSS 0.06%
Published 16.06.2010 20:30:02
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 2.6.34

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba

http://lkml.org/lkml/2010/5/17/544

Patch

Third Party Advisory

Exploit

http://www.openwall.com/lists/oss-security/2010/06/11/3

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2010/06/14/2

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2010-2071

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2071

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2071

EUVD