CVE-2024-26822

MEDIUM

Linux kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount.

References (5)

[Patch] https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157

[Patch] https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb

[Patch] https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626

[Patch] https://git.kernel.org/stable/c/2ceba8ae1bd1f5589548cb722a5c583ca3a2dede

[Patch] https://git.kernel.org/stable/c/4a6e4c56721a3e6e2550b72ec56aab306c4607a7

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

Status draft

Affected Products (10)

linux/linux_kernel < 6.6.18

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/Kernel < 5.15.201linux

linux/Kernel < 6.1.164linux

linux/Kernel < 6.7.6linux

Timeline

Published Apr 17, 2024

Tracked Since Feb 18, 2026