Unrated severityNVD Advisory· Published Jun 16, 2010· Updated Jun 16, 2026

CVE-2010-2071

Description

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <=2.6.34
Linux/Linux kernelllm-fuzzy
Range: <=2.6.34

Patches

Vulnerability mechanics

References

lkml.org/lkml/2010/5/17/544nvdExploitPatchThird Party Advisory
www.openwall.com/lists/oss-security/2010/06/11/3nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2010/06/14/2nvdMailing ListThird Party Advisory
git.kernel.orgnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000