CVE-2018-13405

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-13405

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-13405.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-13405

Downstream

DEBIAN-CVE-2018-13405

DLA-1466-1

DLA-1529-1

DSA-4266-1

RHSA-2018:2948

RHSA-2018:3083

RHSA-2018:3096

RHSA-2019:0717

RHSA-2019:2476

RHSA-2019:2566

RHSA-2019:2696

RHSA-2019:2730

RHSA-2019:4159

RHSA-2019:4164

SUSE-SU-2018:2051-1

SUSE-SU-2018:2092-1

SUSE-SU-2018:2150-1

SUSE-SU-2018:2222-1

SUSE-SU-2018:2344-1

SUSE-SU-2018:2344-2

SUSE-SU-2018:2362-1

SUSE-SU-2018:2384-1

SUSE-SU-2021:3723-1

SUSE-SU-2021:3748-1

SUSE-SU-2021:3876-1

SUSE-SU-2021:3929-1

SUSE-SU-2021:3935-1

SUSE-SU-2021:3972-1

UBUNTU-CVE-2018-13405

USN-3752-1

USN-3752-2

USN-3752-3

USN-3753-1

USN-3753-2

USN-3754-1

openSUSE-SU-2021:1477-1

openSUSE-SU-2021:3876-1

Related

Published

2018-07-06T14:29:01.223Z

Modified

2025-11-28T11:33:52.749910Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

References

Affected packages

Git / github.com/torvalds/linux

Affected ranges

Type: GIT
Repo: https://github.com/torvalds/linux
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7