CVE-2024-26822

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb: client: set correct id, uid and cruid for multiuser automounts

When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc8117ac42303f7ae99bbe53e4952f7d147cca1fb < 4a6e4c56721a3e6e2550b72ec56aab306c4607a7affected
LinuxLinux60e3318e3e900ba1ddfead937012b3432dfccc92 < 2ceba8ae1bd1f5589548cb722a5c583ca3a2dedeaffected
LinuxLinux9fd29a5bae6e8f94b410374099a6fddb253d2d5f < c2aa2718cda2d56b4a551cb40043e9abc9684626affected
LinuxLinux9fd29a5bae6e8f94b410374099a6fddb253d2d5f < 7590ba9057c6d74c66f3b909a383ec47cd2f27fbaffected
LinuxLinux9fd29a5bae6e8f94b410374099a6fddb253d2d5f < 4508ec17357094e2075f334948393ddedbb75157affected
LinuxLinux5.15.124 < 5.15.201affected
LinuxLinux6.1.54 < 6.1.164affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux5.15.201 <= 5.15.*unaffected
LinuxLinux6.1.164 <= 6.1.*unaffected
LinuxLinux6.6.18 <= 6.6.*unaffected
LinuxLinux6.7.6 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References