CVE-2024-26822

critical

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount.

References

https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626

https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb

https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157

Details

Source: Mitre, NVD

Published: 2024-04-17

Updated: 2024-04-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical