JLSEC-2025-193 A logic error was found in the libmount library of util-linux in the function that allows an unprivi...

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

JLSEC-2025-192 A logic error was found in the libmount library of util-linux in the function that allows an unprivi...

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of...

Unity Linux 20.1070e Security Update: util-linux (UTSA-2025-680644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680644 advisory. A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an...

Unity Linux 20.1070e Security Update: util-linux (UTSA-2025-680643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680643 advisory. A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local...

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

...

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1951)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1668)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:1170-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2024:1172-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for util (SUSE-SU-2024:1169-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-5650-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 9 : util-linux-2.37.4-3.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the util-linux-2.37.4-3.el9 build changelog. - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE...

GLSA-202401-08 : util-linux: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-08 util-linux: Multiple Vulnerabilities - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local...

Amazon Linux 2023 : libblkid, libblkid-devel, libfdisk (ALAS2023-2023-024)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-024 advisory. A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to...

SUSE CVE-2015-3202

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...

SUSE CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

SUSE CVE-2021-3995

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of...

Amazon Linux 2022 : util-linux (ALAS2022-2022-218)

The version of util-linux installed on the remote host is prior to 2.37.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-218 advisory. - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to...

Amazon Linux 2022 : libblkid, libblkid-devel, libfdisk (ALAS2022-2022-099)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-099 advisory. A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to...