
CVE-2024-26822: smb: client: set correct id, uid and cruid for multiuser automounts

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: set correct id, uid and cruid for multiuser automounts

When uid, gid and cruid are not specified, we need to dynamically
set them into the filesystem context used for automounting otherwise
they'll end up reusing the values from the parent mount.

Classification

CVE ID: CVE-2024-26822

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-02-04 (date on which this score was calculated)

References

https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626
https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb
https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157
