CVE-2021-3995: 
NixOS vulnerability analysis and mitigation

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. The vulnerability, identified as CVE-2021-3995, affects util-linux versions from 2.34 up to (excluding) 2.37.3. The issue was discovered and reported by the Qualys Security Advisory team (Openwall List, Release Notes).

The vulnerability exists in the libmount library's function that handles FUSE filesystem unmounting. The flaw stems from an improper UID check that allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the attacker's UID in its string form. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NetApp Advisory).

The vulnerability allows an unprivileged local attacker to unmount FUSE filesystems belonging to other users with similar UIDs, potentially causing a denial of service to applications that use the affected filesystems. This can disrupt system operations and affect service availability for legitimate users (Release Notes).

The vulnerability was fixed in util-linux version 2.37.3. The fix involves correcting the UID check in the libmount library to properly validate user permissions when unmounting FUSE filesystems. Users are advised to upgrade to util-linux version 2.37.3 or later to address this security issue (Release Notes, Gentoo Advisory).