A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html | Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Dec/4 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/11/30/2 | Mailing List Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2021-3996 | Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2024628 | Issue Tracking Patch Third Party Advisory |
https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb | Patch Third Party Advisory |
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes | Release Notes Vendor Advisory |
https://security.gentoo.org/glsa/202401-08 | |
https://security.netapp.com/advisory/ntap-20221209-0002/ | Broken Link Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/01/24/2 | Exploit Mailing List Patch Third Party Advisory |
Configurations
History
07 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2023, 20:38
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221209-0002/ - Broken Link, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/11/30/2 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/4 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html - Third Party Advisory |
09 Dec 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Dec 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Dec 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Dec 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Aug 2022, 18:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Kernel Kernel util-linux Fedoraproject fedora |
|
References | (MISC) https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb - Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2024628 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2022/01/24/2 - Exploit, Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2021-3996 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | CWE-552 |
23 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-23 20:15
Updated : 2024-01-07 09:15
NVD link : CVE-2021-3996
Mitre link : CVE-2021-3996
CVE.ORG link : CVE-2021-3996
JSON object : View
Products Affected
kernel
- util-linux
fedoraproject
- fedora
CWE
CWE-552
Files or Directories Accessible to External Parties