Wind River Support Network

HomeDefectsLIN1021-492
Fixed

LIN1021-492 : Security Advisory - fuse - CVE-2021-33805

Created: Jun 6, 2021    Updated: Jul 19, 2021
Resolved Date: Jul 8, 2021
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

In the reference implementation of FUSE before 2.9.8 and 3.x before 3.2.5, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active.

CREATE(Triage):(User=admin) CVE-2021-33805 (https://nvd.nist.gov/vuln/detail/CVE-2021-33805)

CVEs


Live chat
Online