CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
10.1%
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not
properly clean up an inode when an O_EXCL create fails, which causes files
to be created with insecure settings such as setuid bits, and possibly
allows local users to gain privileges, related to the execution of the
do_open_permission function even when a create fails.