CVE-2024-26822

MEDIUM5.5

smb: client: set correct id, uid and cruid for multiuser automounts

Published Apr 17, 2024

Modified 8 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: set correct id, uid and cruid for multiuser automounts

When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount.

References

WEBhttps://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157 WEBhttps://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb WEBhttps://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-26822

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

HighI:H

Availability

NoneA:N

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Ecosystems

Timeline

PublishedApr 17, 2024

ModifiedMay 4, 2025