{"id":"CVE-2020-24394","details":"In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.","modified":"2026-03-15T22:34:58.731315Z","published":"2020-08-19T13:15:10.177Z","related":["ALSA-2021:1578","SUSE-SU-2020:2540-1","SUSE-SU-2020:2541-1","SUSE-SU-2020:2574-1","SUSE-SU-2020:2575-1","SUSE-SU-2020:2605-1","SUSE-SU-2020:2610-1","SUSE-SU-2020:2623-1","SUSE-SU-2020:2631-1","SUSE-SU-2020:3180-1","SUSE-SU-2020:3187-1","SUSE-SU-2020:3190-1","SUSE-SU-2020:3204-1","SUSE-SU-2020:3210-1","openSUSE-SU-2020:1325-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"},{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200904-0003/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4465-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4483-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4485-1/"},{"type":"ADVISORY","url":"https://www.starwindsoftware.com/security/sw-20210325-0004/"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"0"},{"fixed":"22cf8419f1319ff87ec759d0ebdff4cbafaee832"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"0"},{"fixed":"22cf8419f1319ff87ec759d0ebdff4cbafaee832"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24394.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.7.8"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"v8-build12533"}]},{"events":[{"introduced":"0"},{"last_affected":"v8-build12658"}]},{"events":[{"introduced":"0"},{"last_affected":"v8-build12859"}]},{"events":[{"introduced":"0"},{"last_affected":"v8-build13170"}]},{"events":[{"introduced":"0"},{"last_affected":"v8-build13586"}]},{"events":[{"introduced":"0"},{"last_affected":"v8-build13861"}]},{"events":[{"introduced":"0"},{"fixed":"5.7.8"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}