CVE-2021-3995

Severity: 5.5 MEDIUM
EPSS: 0.2% (top 57.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 23

Description

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: kernel/util-linux, 2.34, 2.37.3
Debian: util-linux, < 2.36.1-8+deb11u1 +3
CVEListV5: util-linux, fixed in util-linux v2.37.3

Also affects: Fedora 35

Patches

🔴 Vulnerability Details (2)

OSV (2022-08-23): CVE-2021-3995: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem
CVEList (2022-08-23): CVE-2021-3995: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem

📋 Vendor Advisories (4)

Microsoft (2022-08-09): A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount
Ubuntu (2022-02-09): util-linux vulnerabilities
Red Hat (2022-01-24): util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid
Debian (2021): CVE-2021-3995: util-linux - A logic error was found in the libmount library of util-linux in the function th...