A flaw was found in util-linux's libmount. Improper uid check allows an unprivileged user to unmount FUSE filesystems of users with similar uid.
RHEL 6, 7 and 8 are not affected by this bug as they ship an older version of util-linux which does not allow unprivileged users to unmount FUSE mount points for the current user (e.g. is_fuse_usermount() function does not exist).
Upstream patch: https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d
Release notes: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
Created util-linux tracking bugs for this issue: Affects: fedora-all [bug 2044306]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3995