First published: Thu Nov 18 2021
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/util-linux | <2.37.3 | 2.37.3 |
Kernel Util-linux | >=2.34 <2.37.3 | |
Fedoraproject Fedora | =35 | |
The vulnerability ID is CVE-2021-3996.
The title of the vulnerability is 'A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.'
The severity of CVE-2021-3996 is medium, with a severity value of 5.5.
The affected software includes Kernel Util-linux versions 2.34 up to (but not including) 2.37.3, Fedoraproject Fedora version 35, and redhat/util-linux versions before 2.37.3.
This vulnerability can be exploited by a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory.