CVE-2018-13405 (https://nvd.nist.gov/vuln/detail/CVE-2018-13405): The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
Fixes available in: 4.17: >=sys-kernel/gentoo-sources-4.17.7 4.14: >=sys-kernel/gentoo-sources-4.14.56 4.9: >=sys-kernel/gentoo-sources-4.9.113 4.4: >=sys-kernel/gentoo-sources-4.4.141
x86 stable
amd64 stable
Superseded by bug 663744, moving.