Vulnerability Discussion
Files without a valid group owner may be unintentionally inherited if a group is assigned the same Group Identifier (GID) as the GID of the files without a valid group owner.
Check
Verify all local files and directories on RHEL 9 have a valid group with the following command:
$ df --local -P | awk {'if (NR!=1) print $6'} | sudo xargs -I '{}' find '{}' -xdev -nogroup
If any files on the system do not have an assigned group, this is a finding.
Fix
Either remove all files and directories from RHEL 9 that do not have a valid group, or assign a valid group to all files and directories on the system with the "chgrp" command:
$ sudo chgrp