1170 matches found
CVE-2026-27456
A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the mount program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use TOCTOU window where an attacker can substitute th...
util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
...
ALPINE-CVE-2026-27456
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
EUVD-2026-18864
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
CVE-2026-27456
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
CVE-2026-27456
CVE-2026-27456 affects util-linux mount(8): a TOCTOU race in the SUID mount when setting up loop devices allows a local user to trick mount into opening a root-owned target by replacing the source path during the brief window between validation and open. Exploitation requires an /etc/fstab entry ...
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
CVE-2026-27456
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
CVE-2026-3184
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
UBUNTU-CVE-2026-3184
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
CVE-2026-3184
Affects util-linux, specifically the login(1) utility when invoked with -h. The root cause is improper hostname canonicalization, which can modify the supplied remote hostname before setting PAM_RHOST. This weakness can bypass host-based PAM access control rules that rely on fully qualified domai...
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
CVE-2026-3184
A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
util-linux 安全漏洞
util-linux is an open-source software package developed by util-linux. There is a security vulnerability in util-linux, which stems from improper hostname normalization. This vulnerability could allow remote attackers to bypass host-based PAM access control rules and gain unauthorized access...
util-linux 安全漏洞
util-linux is an open-source software package. Versions of util-linux prior to 2.41.4 contained a security vulnerability. This vulnerability stemmed from a TOCTOU race condition in the SUID binary file mount, which could allow unauthorized access to files...
Linux Distros Unpatched Vulnerability : CVE-2026-27456
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerability has been identified in the SUID...
CVE-2026-27456
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
ROOT-OS-ALPINE-318-CVE-2024-28085 CVE-2024-28085 in rootio-util-linux - Patched by Root
Root has patched CVE-2024-28085 in the rootio-util-linux package for Root:Alpine:3.18. Multiple fixed versions available...