17 matches found
CVE-2024-28085
The CVE-2024-28085 issue is in util-linux, where wall (and related utilities) installed with setgid tty permission fails to filter escape sequences from command-line arguments. Escape sequences from argv can be sent to other users’ terminals, potentially enabling local information disclosure or a...
CVE-2018-7738
The CVE-2018-7738 entry concerns util-linux before 2.32-rc1, where the bash-completion/umount script mishandles certain mountpoint names, allowing a local attacker to escalate privileges via an autocompletion sequence in Bash. Exploitation is demonstrated by embedding shell commands in a mountpoi...
CVE-2016-5011
CVE-2016-5011 affects the libblkid component of util-linux (partitions/dos.c). The root cause is a vulnerability in parse_dos_extended that allows a crafted MSDOS partition table with an extended partition boot record at offset zero to cause memory consumption leading to a denial of service. The ...
CVE-2021-3996
CVE-2021-3996 affects util-linux libmount and allows an unprivileged local user to unmount other users’ filesystems that are world-writable or mounted in a world-writable directory, potentially causing DoS. The Debian security tracker and security advisories note this vulnerability in libmount; D...
CVE-2021-3995
CVE-2021-3995 is a logic error in util-linux’s libmount that allows an unprivileged local attacker to unmount FUSE filesystems or other users’ world-writable mounts, potentially causing DoS. Affected: util-linux (libmount). Root cause: logic flaw in libmount’s unmount handling. Impact: denial of ...
CVE-2021-37600
CVE-2021-37600 affects util-linux up to version 2.37.1, describing an integer overflow that could lead to a buffer overflow in IPC utilities if resource usage drives a large value in /proc/sysvipc/sem. Connected advisories (Debian LTS, Gentoo GLSA, Alpine) confirm the issue and recommend upgradin...
CVE-2022-0563
CVE-2022-0563 affects util-linux chfn/chsh utilities when built with Readline. The Readline library may expose data from the INPUTRC file to unprivileged users, enabling reading of root-owned files and potential privilege escalation. Affected versions are prior to 2.37.4. Remediation noted in mul...
CVE-2016-2779
CVE-2016-2779 affects util-linux, where runuser -u program can be hijacked via crafted TIOCSTI ioctl to push input to the terminal buffer, enabling local privilege escalation by hijacking the tty. Root cause: TIOCSTI-based input injection. Impact: local privilege escalation. Exploitation status/...
CVE-2007-5191
The CVE-2007-5191 issue concerns util-linux: the mount and umount utilities call setuid/setgid in the wrong order and do not check return values, which could allow a local attacker to elevate privileges via helper programs (e.g., mount.nfs). Affected component: util-linux (mount/umount). Impact: ...
CVE-2015-5218
CVE-2015-5218 is a buffer overflow in util-linux's text-utils/colcrt.c (colcrt) that allows a local user to crash the system via a crafted file. The description states the issue and the mitigation path provided here is for CP4S: upgrade Cloud Pak for Security to 1.9.0 (per remediation section); n...
CVE-2013-0157
CVE-2013-0157 affects util-linux-ng (examples cited: 2.14.1, 2.17.2 and likely other versions). The vulnerability enables local users to infer the existence of restricted directories by observing error messages when mounting operations are performed with --guess-fstype or when attempting to mount...
CVE-2014-9114
CVE-2014-9114 affects blkid in util-linux before 2.26rc-1, which allows local users to execute arbitrary code. Affected component is the blkid functionality in util-linux. The provided documents do not specify mitigations or patch versions beyond the vulnerable range; no explicit explo...
CVE-2015-5224
CVE-2015-5224 affects util-linux's login-utils mkostemp usage, enabling remote attackers to cause file name collisions and potentially other attacks. Affected component is login-utils in util-linux; root cause is incorrect usage of mkostemp. CVSS indicates high/critical impact vectors (network at...
CVE-2001-1494
CVE-2001-1494 affects util-linux (and mount) prior to versions updated in RHSA-2005:782. The issue is a hardlink-based flaw in the script command: a local attacker can create a hardlink named typescript in a writable directory, and when the script command is run by root, the attacker’s file can b...
CVE-2020-21583
CVE-2020-21583 affects hwclock.13-v2.27. The issue allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. The affected component is hwclock (part of util-linux). The provided documents do not include explicit exploitation status o...
CVE-2026-27456
CVE-2026-27456 affects util-linux mount(8): a TOCTOU race in the SUID mount when setting up loop devices allows a local user to trick mount into opening a root-owned target by replacing the source path during the brief window between validation and open. Exploitation requires an /etc/fstab entry ...
CVE-2026-3184
Affects util-linux, specifically the login(1) utility when invoked with -h. The root cause is improper hostname canonicalization, which can modify the supplied remote hostname before setting PAM_RHOST. This weakness can bypass host-based PAM access control rules that rely on fully qualified domai...