PublicDateAtUSN: 2022-02-01 00:00:00 UTC
Candidate: CVE-2021-3995
CRD: 2022-02-01 00:00:00 UTC
PublicDate: 2022-01-24 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
 https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
 https://www.openwall.com/lists/oss-security/2022/01/24/2
 https://ubuntu.com/security/notices/USN-5279-1
Description:
 Unauthorized unmount of FUSE filesystems belonging to users with
 similar uid
Ubuntu-Description:
Notes:
 sbeattie> introduced in 5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34)
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:


Patches_util-linux:
 upstream: https://github.com/util-linux/util-linux/commit/9c05f4b6bf62a20a64a8e5735c7f3dcf0229e895
 upstream: https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d
upstream_util-linux: released (2.37.3-1)
trusty_util-linux: not-affected (code not present)
trusty/esm_util-linux: not-affected (code not present)
xenial_util-linux: not-affected (code not present)
esm-infra/xenial_util-linux: not-affected (code not present)
bionic_util-linux: not-affected (code not present)
focal_util-linux: released (2.34-0.1ubuntu9.3)
impish_util-linux: released (2.36.1-8ubuntu2.2)
jammy_util-linux: released (2.37.2-4ubuntu2)
devel_util-linux: released (2.37.2-4ubuntu2)