CVE-2010-2071 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-2071 Interim 1 3 2021-06-09T08:55:12Z current 2021-05-30T12:51:56Z 2021-06-09T08:55:12Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-2071 The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2010-09/msg00011.html E-Mail link for SUSE-SA:2010:046 https://www.suse.com/support/security/rating/ SUSE Security Ratings The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. CVE-2010-2071 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P