CVE-2010-2071

N/A Unknown
Published: June 16, 2010 Modified: April 29, 2026

Description

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.


References to Advisories, Solutions, and Tools

http://lkml.org/lkml/2010/5/17/544
Source: secalert@redhat.com
Tags: Exploit, Patch, Third Party Advisory

http://www.openwall.com/lists/oss-security/2010/06/11/3
Source: secalert@redhat.com
Tags: Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2010/06/14/2
Source: secalert@redhat.com
Tags: Mailing List, Third Party Advisory

http://lkml.org/lkml/2010/5/17/544
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Exploit, Patch, Third Party Advisory

http://www.openwall.com/lists/oss-security/2010/06/11/3
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2010/06/14/2
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Mailing List, Third Party Advisory

8 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 0.1% (19th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

linux