A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

🗓️ 02 Oct 2025 06:11:12Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com

Logic error in libmount lets an unprivileged user unmount world-writable filesystems, causing DoS.

Reporter	Title	Published	Views	Family All 80
0day.today	Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability	10 Dec 202200:00	–	zdt
Tenable Nessus	Amazon Linux 2022 : libblkid, libblkid-devel, libfdisk (ALAS2022-2022-086)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : libblkid, libblkid-devel, libfdisk (ALAS2022-2022-099)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : util-linux (ALAS2022-2022-218)	10 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libblkid, libblkid-devel, libfdisk (ALAS2023-2023-024)	21 Mar 202300:00	–	nessus
Tenable Nessus	CentOS 9 : util-linux-2.37.4-3.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	Debian DSA-5055-1 : util-linux - security update	31 Jan 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1440)	18 Apr 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1461)	18 Apr 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.1 : util-linux (EulerOS-SA-2022-1616)	5 May 202200:00	–	nessus

Vulners

Node

microsoft cm1_util-linux_2.32.1-7Range<2.32.1-7

02 Oct 2025 06:11Current

7High risk

Vulners AI Score7

CVSS 3.15.5

EPSS0.00171

SSVC

libmount unprivileged user world writable unmount fuse filesystem denial of service