A flaw was found in util-linux's libmount. An issue related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory.
RHEL 6, 7 and 8 are not affected by this bug as they ship an older version of util-linux which does not allow unprivileged users to unmount FUSE mount points for the current user (e.g. is_fuse_usermount() function does not exist).
Upstream patch: https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb
Release notes: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
Created util-linux tracking bugs for this issue: Affects: fedora-all [bug 2044307]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3996
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days