PublicDateAtUSN: 2020-08-19 13:15:00 UTC
Candidate: CVE-2020-24394
PublicDate: 2020-08-19 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24394
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
 https://ubuntu.com/security/notices/USN-4465-1
 https://ubuntu.com/security/notices/USN-4483-1
 https://ubuntu.com/security/notices/USN-4485-1
Description:
 In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set
 incorrect permissions on new filesystem objects when the filesystem lacks
 ACL support, aka CID-22cf8419f131. This occurs because the current umask is
 not considered.
Ubuntu-Description:
 It was discovered that the NFS server implementation in the Linux kernel
 did not properly honor umask settings when setting permissions while
 creating file system objects if the underlying file system did not support
 ACLs. An attacker could possibly use this to expose sensitive information
 or violate system integrity.
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N [7.1 HIGH]

Patches_linux:
 break-fix: 47057abde515155a4fee53038e7772d6b387e0aa 22cf8419f1319ff87ec759d0ebdff4cbafaee832
upstream_linux: released (5.8~rc4)
precise/esm_linux: not-affected (3.0.0-12.20)
trusty_linux: ignored (out of standard support)
trusty/esm_linux: not-affected (3.11.0-12.19)
xenial_linux: not-affected (4.2.0-16.19)
esm-infra/xenial_linux: not-affected (4.2.0-16.19)
bionic_linux: released (4.15.0-115.116)
focal_linux: released (5.4.0-45.49)
groovy_linux: not-affected (5.8.0-16.17)
devel_linux: not-affected (5.8.0-36.40+21.04.1)

Patches_linux-hwe:
upstream_linux-hwe: released (5.8~rc4)
precise/esm_linux-hwe: DNE
trusty_linux-hwe: DNE
trusty/esm_linux-hwe: DNE
xenial_linux-hwe: released (4.15.0-115.116~16.04.1)
esm-infra/xenial_linux-hwe: released (4.15.0-115.116~16.04.1)
bionic_linux-hwe: released (5.3.0-65.59)
focal_linux-hwe: DNE
groovy_linux-hwe: DNE
devel_linux-hwe: DNE

Patches_linux-hwe-5.4:
upstream_linux-hwe-5.4: released (5.8~rc4)
precise/esm_linux-hwe-5.4: DNE
trusty_linux-hwe-5.4: DNE
trusty/esm_linux-hwe-5.4: DNE
xenial_linux-hwe-5.4: DNE
bionic_linux-hwe-5.4: released (5.4.0-45.49~18.04.2)
focal_linux-hwe-5.4: DNE
groovy_linux-hwe-5.4: DNE
devel_linux-hwe-5.4: DNE

Patches_linux-hwe-edge:
upstream_linux-hwe-edge: released (5.8~rc4)
precise/esm_linux-hwe-edge: DNE
trusty_linux-hwe-edge: DNE
trusty/esm_linux-hwe-edge: DNE
xenial_linux-hwe-edge: ignored (was needs-triage now end-of-life)
esm-infra/xenial_linux-hwe-edge: ignored (was needs-triage now end-of-life)
bionic_linux-hwe-edge: ignored (was needs-triage now end-of-life)
focal_linux-hwe-edge: DNE
groovy_linux-hwe-edge: DNE
devel_linux-hwe-edge: DNE

Patches_linux-lts-trusty:
upstream_linux-lts-trusty: released (5.8~rc4)
precise/esm_linux-lts-trusty: not-affected (3.13.0-24.46~precise1)
trusty_linux-lts-trusty: DNE
trusty/esm_linux-lts-trusty: DNE
xenial_linux-lts-trusty: DNE
bionic_linux-lts-trusty: DNE
focal_linux-lts-trusty: DNE
groovy_linux-lts-trusty: DNE
devel_linux-lts-trusty: DNE

Patches_linux-lts-xenial:
upstream_linux-lts-xenial: released (5.8~rc4)
precise/esm_linux-lts-xenial: DNE
trusty_linux-lts-xenial: ignored (out of standard support)
trusty/esm_linux-lts-xenial: not-affected (4.4.0-13.29~14.04.1)
xenial_linux-lts-xenial: DNE
bionic_linux-lts-xenial: DNE
focal_linux-lts-xenial: DNE
groovy_linux-lts-xenial: DNE
devel_linux-lts-xenial: DNE

Patches_linux-kvm:
upstream_linux-kvm: released (5.8~rc4)
precise/esm_linux-kvm: DNE
trusty_linux-kvm: DNE
trusty/esm_linux-kvm: DNE
xenial_linux-kvm: not-affected (4.4.0-1004.9)
esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9)
bionic_linux-kvm: released (4.15.0-1072.73)
focal_linux-kvm: released (5.4.0-1021.21)
groovy_linux-kvm: not-affected (5.8.0-1001.1)
devel_linux-kvm: not-affected (5.8.0-1010.11+21.04.1)

Patches_linux-aws:
upstream_linux-aws: released (5.8~rc4)
precise/esm_linux-aws: DNE
trusty_linux-aws: ignored (out of standard support)
trusty/esm_linux-aws: not-affected (4.4.0-1002.2)
xenial_linux-aws: not-affected (4.4.0-1001.10)
esm-infra/xenial_linux-aws: not-affected (4.4.0-1001.10)
bionic_linux-aws: released (4.15.0-1080.84)
focal_linux-aws: released (5.4.0-1022.22)
groovy_linux-aws: not-affected (5.8.0-1004.4)
devel_linux-aws: not-affected (5.8.0-1018.20+21.04.1)

Patches_linux-aws-5.0:
upstream_linux-aws-5.0: released (5.8~rc4)
precise/esm_linux-aws-5.0: DNE
trusty_linux-aws-5.0: DNE
trusty/esm_linux-aws-5.0: DNE
xenial_linux-aws-5.0: DNE
bionic_linux-aws-5.0: ignored (was needs-triage now end-of-life)
focal_linux-aws-5.0: DNE
groovy_linux-aws-5.0: DNE
devel_linux-aws-5.0: DNE

Patches_linux-aws-5.3:
upstream_linux-aws-5.3: released (5.8~rc4)
precise/esm_linux-aws-5.3: DNE
trusty_linux-aws-5.3: DNE
trusty/esm_linux-aws-5.3: DNE
xenial_linux-aws-5.3: DNE
bionic_linux-aws-5.3: released (5.3.0-1033.35)
focal_linux-aws-5.3: DNE
groovy_linux-aws-5.3: DNE
devel_linux-aws-5.3: DNE

Patches_linux-aws-hwe:
upstream_linux-aws-hwe: released (5.8~rc4)
precise/esm_linux-aws-hwe: DNE
trusty_linux-aws-hwe: DNE
trusty/esm_linux-aws-hwe: DNE
xenial_linux-aws-hwe: released (4.15.0-1080.84~16.04.1)
esm-infra/xenial_linux-aws-hwe: released (4.15.0-1080.84~16.04.1)
bionic_linux-aws-hwe: DNE
focal_linux-aws-hwe: DNE
groovy_linux-aws-hwe: DNE
devel_linux-aws-hwe: DNE

Patches_linux-azure:
upstream_linux-azure: released (5.8~rc4)
precise/esm_linux-azure: DNE
trusty_linux-azure: ignored (out of standard support)
trusty/esm_linux-azure: released (4.15.0-1093.103~14.04.1)
xenial_linux-azure: released (4.15.0-1093.103~16.04.1)
esm-infra/xenial_linux-azure: released (4.15.0-1093.103~16.04.1)
bionic_linux-azure: ignored (was needs-triage now end-of-life)
focal_linux-azure: released (5.4.0-1023.23)
groovy_linux-azure: not-affected (5.8.0-1004.4)
devel_linux-azure: not-affected (5.8.0-1016.17+21.04.1)

Patches_linux-azure-4.15:
upstream_linux-azure-4.15: released (5.8~rc4)
precise/esm_linux-azure-4.15: DNE
trusty_linux-azure-4.15: DNE
trusty/esm_linux-azure-4.15: DNE
xenial_linux-azure-4.15: DNE
bionic_linux-azure-4.15: released (4.15.0-1093.103)
focal_linux-azure-4.15: DNE
groovy_linux-azure-4.15: DNE
devel_linux-azure-4.15: DNE

Patches_linux-azure-5.3:
upstream_linux-azure-5.3: released (5.8~rc4)
precise/esm_linux-azure-5.3: DNE
trusty_linux-azure-5.3: DNE
trusty/esm_linux-azure-5.3: DNE
xenial_linux-azure-5.3: DNE
bionic_linux-azure-5.3: released (5.3.0-1035.36)
focal_linux-azure-5.3: DNE
groovy_linux-azure-5.3: DNE
devel_linux-azure-5.3: DNE

Patches_linux-azure-5.4:
upstream_linux-azure-5.4: released (5.8~rc4)
precise/esm_linux-azure-5.4: DNE
trusty_linux-azure-5.4: DNE
trusty/esm_linux-azure-5.4: DNE
xenial_linux-azure-5.4: DNE
bionic_linux-azure-5.4: released (5.4.0-1023.23~18.04.1)
focal_linux-azure-5.4: DNE
groovy_linux-azure-5.4: DNE
devel_linux-azure-5.4: DNE

Patches_linux-azure-edge:
upstream_linux-azure-edge: released (5.8~rc4)
precise/esm_linux-azure-edge: DNE
trusty_linux-azure-edge: DNE
trusty/esm_linux-azure-edge: DNE
xenial_linux-azure-edge: DNE
bionic_linux-azure-edge: ignored (was needs-triage now end-of-life)
focal_linux-azure-edge: DNE
groovy_linux-azure-edge: DNE
devel_linux-azure-edge: DNE

Patches_linux-gcp:
upstream_linux-gcp: released (5.8~rc4)
precise/esm_linux-gcp: DNE
trusty_linux-gcp: DNE
trusty/esm_linux-gcp: DNE
xenial_linux-gcp: released (4.15.0-1081.92~16.04.1)
esm-infra/xenial_linux-gcp: released (4.15.0-1081.92~16.04.1)
bionic_linux-gcp: ignored (was needs-triage now end-of-life)
focal_linux-gcp: released (5.4.0-1022.22)
groovy_linux-gcp: not-affected (5.8.0-1002.2)
devel_linux-gcp: not-affected (5.8.0-1015.15+21.04.1)

Patches_linux-gcp-4.15:
upstream_linux-gcp-4.15: released (5.8~rc4)
precise/esm_linux-gcp-4.15: DNE
trusty_linux-gcp-4.15: DNE
trusty/esm_linux-gcp-4.15: DNE
xenial_linux-gcp-4.15: DNE
bionic_linux-gcp-4.15: released (4.15.0-1081.92)
focal_linux-gcp-4.15: DNE
groovy_linux-gcp-4.15: DNE
devel_linux-gcp-4.15: DNE

Patches_linux-gcp-5.3:
upstream_linux-gcp-5.3: released (5.8~rc4)
precise/esm_linux-gcp-5.3: DNE
trusty_linux-gcp-5.3: DNE
trusty/esm_linux-gcp-5.3: DNE
xenial_linux-gcp-5.3: DNE
bionic_linux-gcp-5.3: ignored (was needs-triage now end-of-life)
focal_linux-gcp-5.3: DNE
groovy_linux-gcp-5.3: DNE
devel_linux-gcp-5.3: DNE

Patches_linux-gcp-edge:
upstream_linux-gcp-edge: released (5.8~rc4)
precise/esm_linux-gcp-edge: DNE
trusty_linux-gcp-edge: DNE
trusty/esm_linux-gcp-edge: DNE
xenial_linux-gcp-edge: DNE
bionic_linux-gcp-edge: ignored (was needs-triage now end-of-life)
focal_linux-gcp-edge: DNE
groovy_linux-gcp-edge: DNE
devel_linux-gcp-edge: DNE

Patches_linux-gke-4.15:
upstream_linux-gke-4.15: released (5.8~rc4)
precise/esm_linux-gke-4.15: DNE
trusty_linux-gke-4.15: DNE
trusty/esm_linux-gke-4.15: DNE
xenial_linux-gke-4.15: DNE
bionic_linux-gke-4.15: released (4.15.0-1067.70)
focal_linux-gke-4.15: DNE
groovy_linux-gke-4.15: DNE
devel_linux-gke-4.15: DNE

Patches_linux-gke-5.0:
upstream_linux-gke-5.0: released (5.8~rc4)
precise/esm_linux-gke-5.0: DNE
trusty_linux-gke-5.0: DNE
trusty/esm_linux-gke-5.0: DNE
xenial_linux-gke-5.0: DNE
bionic_linux-gke-5.0: ignored (was needed now end-of-life)
focal_linux-gke-5.0: DNE
groovy_linux-gke-5.0: DNE
devel_linux-gke-5.0: DNE

Patches_linux-gke-5.3:
upstream_linux-gke-5.3: released (5.8~rc4)
precise/esm_linux-gke-5.3: DNE
trusty_linux-gke-5.3: DNE
trusty/esm_linux-gke-5.3: DNE
xenial_linux-gke-5.3: DNE
bionic_linux-gke-5.3: released (5.3.0-1033.35)
focal_linux-gke-5.3: DNE
groovy_linux-gke-5.3: DNE
devel_linux-gke-5.3: DNE

Patches_linux-oracle:
upstream_linux-oracle: released (5.8~rc4)
precise/esm_linux-oracle: DNE
trusty_linux-oracle: DNE
trusty/esm_linux-oracle: DNE
xenial_linux-oracle: released (4.15.0-1051.55~16.04.1)
esm-infra/xenial_linux-oracle: released (4.15.0-1051.55~16.04.1)
bionic_linux-oracle: released (4.15.0-1051.55)
focal_linux-oracle: released (5.4.0-1022.22)
groovy_linux-oracle: not-affected (5.8.0-1001.1)
devel_linux-oracle: not-affected (5.8.0-1014.14+21.04.1)

Patches_linux-oracle-5.0:
upstream_linux-oracle-5.0: released (5.8~rc4)
precise/esm_linux-oracle-5.0: DNE
trusty_linux-oracle-5.0: DNE
trusty/esm_linux-oracle-5.0: DNE
xenial_linux-oracle-5.0: DNE
bionic_linux-oracle-5.0: ignored (was needs-triage now end-of-life)
focal_linux-oracle-5.0: DNE
groovy_linux-oracle-5.0: DNE
devel_linux-oracle-5.0: DNE

Patches_linux-oracle-5.3:
upstream_linux-oracle-5.3: released (5.8~rc4)
precise/esm_linux-oracle-5.3: DNE
trusty_linux-oracle-5.3: DNE
trusty/esm_linux-oracle-5.3: DNE
xenial_linux-oracle-5.3: DNE
bionic_linux-oracle-5.3: ignored (was needs-triage now end-of-life)
focal_linux-oracle-5.3: DNE
groovy_linux-oracle-5.3: DNE
devel_linux-oracle-5.3: DNE

Patches_linux-oem:
upstream_linux-oem: released (5.8~rc4)
precise/esm_linux-oem: DNE
trusty_linux-oem: DNE
trusty/esm_linux-oem: DNE
xenial_linux-oem: ignored (was needs-triage now end-of-life)
bionic_linux-oem: released (4.15.0-1094.104)
focal_linux-oem: DNE
groovy_linux-oem: DNE
devel_linux-oem: DNE

Patches_linux-oem-5.6:
upstream_linux-oem-5.6: released (5.8~rc4)
precise/esm_linux-oem-5.6: DNE
trusty_linux-oem-5.6: DNE
trusty/esm_linux-oem-5.6: DNE
xenial_linux-oem-5.6: DNE
bionic_linux-oem-5.6: DNE
focal_linux-oem-5.6: released (5.6.0-1031.32)
groovy_linux-oem-5.6: DNE
devel_linux-oem-5.6: DNE

Patches_linux-oem-osp1:
upstream_linux-oem-osp1: released (5.8~rc4)
precise/esm_linux-oem-osp1: DNE
trusty_linux-oem-osp1: DNE
trusty/esm_linux-oem-osp1: DNE
xenial_linux-oem-osp1: DNE
bionic_linux-oem-osp1: ignored (was needed now end-of-life)
focal_linux-oem-osp1: DNE
groovy_linux-oem-osp1: DNE
devel_linux-oem-osp1: DNE

Patches_linux-raspi:
upstream_linux-raspi: released (5.8~rc4)
precise/esm_linux-raspi: DNE
trusty_linux-raspi: DNE
trusty/esm_linux-raspi: DNE
xenial_linux-raspi: DNE
bionic_linux-raspi: DNE
focal_linux-raspi: released (5.4.0-1016.17)
groovy_linux-raspi: not-affected (5.4.0-1016.17)
devel_linux-raspi: not-affected (5.8.0-1008.11+21.04.1)

Patches_linux-raspi2:
upstream_linux-raspi2: released (5.8~rc4)
precise/esm_linux-raspi2: DNE
trusty_linux-raspi2: DNE
trusty/esm_linux-raspi2: DNE
xenial_linux-raspi2: not-affected (4.2.0-1013.19)
bionic_linux-raspi2: released (4.15.0-1068.72)
focal_linux-raspi2: ignored (was needs-triage now end-of-life)
groovy_linux-raspi2: DNE
devel_linux-raspi2: DNE

Patches_linux-raspi2-5.3:
upstream_linux-raspi2-5.3: released (5.8~rc4)
precise/esm_linux-raspi2-5.3: DNE
trusty_linux-raspi2-5.3: DNE
trusty/esm_linux-raspi2-5.3: DNE
xenial_linux-raspi2-5.3: DNE
bionic_linux-raspi2-5.3: released (5.3.0-1032.34)
focal_linux-raspi2-5.3: DNE
groovy_linux-raspi2-5.3: DNE
devel_linux-raspi2-5.3: DNE

Patches_linux-raspi-5.4:
upstream_linux-raspi-5.4: released (5.8~rc4)
precise/esm_linux-raspi-5.4: DNE
trusty_linux-raspi-5.4: DNE
trusty/esm_linux-raspi-5.4: DNE
xenial_linux-raspi-5.4: DNE
bionic_linux-raspi-5.4: released (5.4.0-1016.17~18.04.1)
focal_linux-raspi-5.4: DNE
groovy_linux-raspi-5.4: DNE
devel_linux-raspi-5.4: DNE

Patches_linux-riscv:
upstream_linux-riscv: released (5.8~rc4)
precise/esm_linux-riscv: DNE
trusty_linux-riscv: DNE
trusty/esm_linux-riscv: DNE
xenial_linux-riscv: DNE
bionic_linux-riscv: DNE
focal_linux-riscv: released (5.4.0-31.35)
groovy_linux-riscv: not-affected (5.8.0-1.1)
devel_linux-riscv: not-affected (5.8.0-10.12+21.04.1)

Patches_linux-snapdragon:
upstream_linux-snapdragon: released (5.8~rc4)
precise/esm_linux-snapdragon: DNE
trusty_linux-snapdragon: DNE
trusty/esm_linux-snapdragon: DNE
xenial_linux-snapdragon: not-affected (4.4.0-1013.15)
bionic_linux-snapdragon: released (4.15.0-1084.92)
focal_linux-snapdragon: DNE
groovy_linux-snapdragon: DNE
devel_linux-snapdragon: DNE

Patches_linux-oracle-5.4:
upstream_linux-oracle-5.4: released (5.8~rc4)
precise/esm_linux-oracle-5.4: DNE
trusty_linux-oracle-5.4: DNE
trusty/esm_linux-oracle-5.4: DNE
xenial_linux-oracle-5.4: DNE
bionic_linux-oracle-5.4: released (5.4.0-1022.22~18.04.1)
focal_linux-oracle-5.4: DNE
groovy_linux-oracle-5.4: DNE
devel_linux-oracle-5.4: DNE

Patches_linux-gcp-5.4:
upstream_linux-gcp-5.4: released (5.8~rc4)
precise/esm_linux-gcp-5.4: DNE
trusty_linux-gcp-5.4: DNE
trusty/esm_linux-gcp-5.4: DNE
xenial_linux-gcp-5.4: DNE
bionic_linux-gcp-5.4: released (5.4.0-1022.22~18.04.1)
focal_linux-gcp-5.4: DNE
groovy_linux-gcp-5.4: DNE
devel_linux-gcp-5.4: DNE

Patches_linux-aws-5.4:
upstream_linux-aws-5.4: released (5.8~rc4)
precise/esm_linux-aws-5.4: DNE
trusty_linux-aws-5.4: DNE
trusty/esm_linux-aws-5.4: DNE
xenial_linux-aws-5.4: DNE
bionic_linux-aws-5.4: released (5.4.0-1022.22~18.04.1)
focal_linux-aws-5.4: DNE
groovy_linux-aws-5.4: DNE
devel_linux-aws-5.4: DNE

Patches_linux-hwe-5.8:
upstream_linux-hwe-5.8: released (5.8~rc4)
precise/esm_linux-hwe-5.8: DNE
trusty_linux-hwe-5.8: DNE
trusty/esm_linux-hwe-5.8: DNE
xenial_linux-hwe-5.8: DNE
bionic_linux-hwe-5.8: DNE
focal_linux-hwe-5.8: not-affected (5.8.0-23.24~20.04.1)
groovy_linux-hwe-5.8: DNE
devel_linux-hwe-5.8: DNE

Patches_linux-gke-5.4:
upstream_linux-gke-5.4: released (5.8~rc4)
precise/esm_linux-gke-5.4: DNE
trusty_linux-gke-5.4: DNE
trusty/esm_linux-gke-5.4: DNE
xenial_linux-gke-5.4: DNE
bionic_linux-gke-5.4: not-affected (5.4.0-1025.25~18.04.1)
focal_linux-gke-5.4: DNE
groovy_linux-gke-5.4: DNE
devel_linux-gke-5.4: DNE

Patches_linux-gkeop-5.4:
upstream_linux-gkeop-5.4: released (5.8~rc4)
precise/esm_linux-gkeop-5.4: DNE
trusty_linux-gkeop-5.4: DNE
trusty/esm_linux-gkeop-5.4: DNE
xenial_linux-gkeop-5.4: DNE
bionic_linux-gkeop-5.4: not-affected (5.4.0-1001.1)
focal_linux-gkeop-5.4: DNE
groovy_linux-gkeop-5.4: DNE
devel_linux-gkeop-5.4: DNE

Patches_linux-dell300x:
upstream_linux-dell300x: released (5.8~rc4)
precise/esm_linux-dell300x: DNE
trusty_linux-dell300x: DNE
trusty/esm_linux-dell300x: DNE
xenial_linux-dell300x: DNE
bionic_linux-dell300x: not-affected (4.15.0-1005.8)
focal_linux-dell300x: DNE
groovy_linux-dell300x: DNE
devel_linux-dell300x: DNE

Patches_linux-oem-5.10:
upstream_linux-oem-5.10: released (5.8~rc4)
precise/esm_linux-oem-5.10: DNE
trusty_linux-oem-5.10: DNE
trusty/esm_linux-oem-5.10: DNE
xenial_linux-oem-5.10: DNE
bionic_linux-oem-5.10: DNE
focal_linux-oem-5.10: not-affected (5.10.0-1008.9)
groovy_linux-oem-5.10: DNE
devel_linux-oem-5.10: DNE

Patches_linux-gkeop:
upstream_linux-gkeop: released (5.8~rc4)
precise/esm_linux-gkeop: DNE
trusty_linux-gkeop: DNE
trusty/esm_linux-gkeop: DNE
xenial_linux-gkeop: DNE
bionic_linux-gkeop: DNE
focal_linux-gkeop: not-affected (5.4.0-1008.9)
groovy_linux-gkeop: DNE
devel_linux-gkeop: DNE