CVE-2024-26822

Sažetak

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount.

Reference

https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157
https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb
https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626
https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157
https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb
https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626

CVSS

Base:	5.5
Impact:	3.6
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

27-03-2025 - 20:43

Objavljeno

17-04-2024 - 10:15