Linux Kernel Local Privilege Escalation via setxattr

Linux Kernel Local Privilege Escalation via setxattr

CVE-2016-7097 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:P/A:N

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.