
CVE-2021-3996

Published: 23/08/2022 Updated: 07/01/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local malicious user to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)

Vulnerable Product

kernel util-linux

fedoraproject fedora 35

Vendor Advisories

The Qualys Research Labs discovered two vulnerabilities in util-linux's libmount. These flaws allow an unprivileged user to unmount other users' filesystems that are either world-writable themselves or mounted in a world-writable directory (CVE-2021-3996), or to unmount FUSE filesystems that belong to certain other users (CVE-2021-3995). For the st ...
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use ...
ALAS-2022-218 Amazon Linux 2022 Security Advisory: ALAS-2022-218 Advisory Release Date: 2022-12-06 16:41 Pacific ...

Exploits

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to r ...

Mailing Lists

oss-sec mailing list archives: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() ...
oss-sec mailing list archives: Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() ...
oss-sec mailing list archives: CVE-2021-3996 and CVE-2021-3995 in util-linux's libmount. From: Qualys S ...

Github Repositories

SRE Labs. This repository contains: the source code to implement a standalone HTTP web application; a dockerfile to containerize the service; a helm chart for the service; a helm chart to install kube-prometheus-stack with an easy example of dashboard and alert; a script to automate the provisioning of a local Kubernetes cluster. Requirements: You should have installed at least: