UBUNTU-CVE-2016-7097

Description

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

CVSS Metrics

• v3.0•MEDIUM•Score: 4.4CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Systems

• ubuntu•linux

  < 3.13.0-132.181 | < 4.4.0-51.72

• ubuntu•linux-azure

  all

• ubuntu•linux-azure-6.11

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-gcp

  all

• ubuntu•linux-gcp-6.11

  all

• ubuntu•linux-gke

  all

• ubuntu•linux-gkeop

  all

• ubuntu•linux-hwe

  all

• ubuntu•linux-hwe-6.11

  all

• ubuntu•linux-hwe-edge

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-lowlatency-hwe-6.11

  all

• ubuntu•linux-lts-xenial

  < 4.4.0-51.72~14.04.1

• ubuntu•linux-oem

  all

• ubuntu•linux-raspi-realtime

  all

• ubuntu•linux-raspi2

  < 4.4.0-1038.45 | all

• ubuntu•linux-realtime

  all | all

• ubuntu•linux-riscv

  all | all | all

• ubuntu•linux-snapdragon

  < 4.4.0-1042.46

References (15)

• https://ubuntu.com/security/CVE-2016-7097
• http://www.spinics.net/lists/linux-fsdevel/msg98328.html
• http://www.spinics.net/lists/linux-fsdevel/msg101138.html
• http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
• https://bugzilla.redhat.com/show_bug.cgi?id=1368938
• http://seclists.org/oss-sec/2016/q3/380
• https://ubuntu.com/security/notices/USN-3146-1
• https://ubuntu.com/security/notices/USN-3146-2
• https://ubuntu.com/security/notices/USN-3147-1
• https://ubuntu.com/security/notices/USN-3161-3
• https://ubuntu.com/security/notices/USN-3161-4
• https://ubuntu.com/security/notices/USN-3162-2
• https://ubuntu.com/security/notices/USN-3422-1
• https://ubuntu.com/security/notices/USN-3422-2
• https://www.cve.org/CVERecord?id=CVE-2016-7097