In the Linux kernel, the following vulnerability has been resolved: fs: relax mount_setattr() permission checks The Linux kernel CVE team has assigned CVE-2024-26821 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041702-CVE-2024-26821-de6b@gregkh/T
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2275617]
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-26821 is: CHECK Maybe valid. Check manually. with impact MODERATE (that is approximation based on flags DISK IMPROVEONLY ; these flags parsed automatically based on patche data). Such automatic check happens only for Low/Moderates (and only when not from reporter, but parsing already existing CVE). Highs always checked manually (I check it myself and then we check it again in Remediation team). In rare cases some of the Moderates could be increased to High later.
Note, his has been rejected upstream: "The Linux kernel CVE team has assigned CVE-2024-26821 to this issue. This one probably needs to be disputed as it isn't an actual vulnerability, but rather a fix for the mount_setattr which previously didn't allow reconfiguring the real rootfs similar to what the mount syscall always allowed to do. So it merely brings mount_attr up to par with mount in terms of allowing the real rootfs to be reconfigured. Christian, what do you think ? Yeah, it's not security related at all. It just allows _additional_ functionality. Not sure how that ended up on the CVE list. Thanks for pinging about this! Now rejected, thanks all for reviewing this and letting us know. greg k-h"
This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2024051643-REJECTED-4a96@gregkh/