CVE-2021-3995

Опубликовано: 23 авг. 2022

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Ссылки

http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/30/2
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024631https://access.redhat.com/security/cve/CVE-2021-3995
Broken Link
Issue Tracking
https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d
Patch
Third Party Advisory
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202401-08
https://security.netapp.com/advisory/ntap-20221209-0002/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/24/2
Exploit
Mailing List
Patch
Third Party Advisory
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/30/2
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024631https://access.redhat.com/security/cve/CVE-2021-3995
Broken Link
Issue Tracking
https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d
Patch
Third Party Advisory
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202401-08
https://security.netapp.com/advisory/ntap-20221209-0002/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/24/2
Exploit
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*

Версия от 2.34 (включая) до 2.37.3 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00219

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-552

Связанные уязвимости

CVE-2021-3995

CVSS3: 5.5

ubuntu

почти 3 года назад

CVE-2021-3995

CVSS3: 4.7

redhat

больше 3 лет назад

CVE-2021-3995

CVSS3: 5.5

debian

почти 3 года назад

A logic error was found in the libmount library of util-linux in the f ...

openSUSE-SU-2022:0727-1

suse-cvrf

больше 3 лет назад

Security update for libeconf, shadow and util-linux

SUSE-SU-2022:0727-1

suse-cvrf

больше 3 лет назад

Security update for libeconf, shadow and util-linux

EPSS

Процентиль: 45%

0.00219

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-552