CVEs-PoC/2021/CVE-2021-25314.md

### [CVE-2021-25314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25314)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Availability%2012-SP3&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Availability%2012-SP5&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Availability%2015-SP2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=hawk2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-378%3A%20Creation%20of%20Temporary%20File%20With%20Insecure%20Permissions&color=brightgreen)

### Description

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

### POC

#### Reference
- https://bugzilla.suse.com/show_bug.cgi?id=1182166

#### Github
No PoCs found on GitHub currently.