CVE-2014-9710 in Kernelinfo

Summary

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.

Reservation

03/24/2015

Disclosure

05/27/2015

CPE

ready

CVSS

5.9

EPSS

0.00034

Activities

Very Low

Sources
