CVE-2021-3996

CWE-552Files Accessible to External Parties7 documents7 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 53.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Kernel Util-linuxFedoraproject Fedora
Timeline
PublishedAug 23

Description

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDkernel/util-linux2.342.37.3
Debianutil-linux< 2.36.1-8+deb11u1+3
CVEListV5util-linuxFixed in util-linux v2.37.3

Also affects: Fedora 35

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: www.openwall.com

🔴Vulnerability Details

2
CVEList
CVE-2021-3996: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem2022-08-23
OSV
CVE-2021-3996: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem2022-08-23

📋Vendor Advisories

4
Microsoft
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unm2022-08-09
Ubuntu
util-linux vulnerabilities2022-02-09
Red Hat
util-linux: Unauthorized unmount of filesystems in libmount2022-01-24
Debian
CVE-2021-3996: util-linux - A logic error was found in the libmount library of util-linux in the function th...2021
CVE-2021-3996 (MEDIUM CVSS 5.5) | A logic error was found in the libm | cvebase.io