Linux Kernel Local Privilege Escalation via setxattr
CVE-2016-7097 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:P/A:N
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.