How severe is CVE-2021-4037?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2021-4037?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2021-4037 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.

Related Vulnerabilities

CVE-2012-6689

HIGH

CVSS:7.8(High)

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlin...

CWE-2842012

CVE-2013-6272

HIGH

CVSS:7.8(High)

The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls...

CWE-2842013

CVE-2014-9865

HIGH

CVSS:7.8(High)

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges vi...

CWE-2842014

CVE-2014-9961

HIGH

CVSS:7.8(High)

In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.

CWE-2842014

CVE-2015-1336

HIGH

CVSS:7.8(High)

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

CWE-2842015

CVE-2015-8307

HIGH

CVSS:7.8(High)

The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-U...

CWE-2842015