Medium severity4.4NVD Advisory· Published Oct 16, 2016· Updated May 6, 2026
CVE-2016-7097
CVE-2016-7097
Description
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatch
- marc.infonvdPatch
- www.spinics.net/lists/linux-fsdevel/msg98328.htmlnvdPatchThird Party Advisory
- github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caefnvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- www.openwall.com/lists/oss-security/2016/08/26/3nvdMailing List
- rhn.redhat.com/errata/RHSA-2017-0817.htmlnvd
- www.securityfocus.com/bid/92659nvd
- www.securitytracker.com/id/1038201nvd
- www.ubuntu.com/usn/USN-3146-1nvd
- www.ubuntu.com/usn/USN-3146-2nvd
- www.ubuntu.com/usn/USN-3147-1nvd
- access.redhat.com/errata/RHSA-2017:1842nvd
- access.redhat.com/errata/RHSA-2017:2077nvd
- access.redhat.com/errata/RHSA-2017:2669nvd
- source.android.com/security/bulletin/2017-04-01nvd
- support.f5.com/csp/article/K31603170nvd
News mentions
0No linked articles in our index yet.