On Tue, Mar 16, 2021 at 06:06:28PM +0100, Léo Le Bouter wrote:
> The CVE-2021-24032 is Base Score: 9.1 CRITICAL - which is exceptionally
> high so fixing it is an absolute necessity in any branch.

This is off-topic, but I think that CVE scoring is not really that
useful. This bug is a local TOCTOU race which is bad but hardly
critical, IMO. For something to be critical, it should enable remote
execution of arbitrary code.