CVE-2024-8158
CVE-2024-8158 involves a bug in the lib9p 9p authentication implementation that can allow an attacker with a valid user to impersonate another filesystem user. The issue stems from lib9p not consistently verifying that the uname in Tauth/Tattach messages matches the client UID returned by the fac...