A flaw was found in util-linux's libmount. An issue related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory.
RHEL 6, 7 and 8 are not affected by this bug as they ship an older version of util-linux which does not allow unprivileged users to unmount FUSE mount points for the current user (e.g. is_fuse_usermount() function does not exist).
Created util-linux tracking bugs for this issue:
Affects: fedora-all [bug 2044307]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days