Lucene search

K
KernelUtil-linux

15 matches found

CVE
CVE
added 2024/03/27 7:15 p.m.3527 views

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible ...

3.3CVSS6.2AI score0.11732EPSS
CVE
CVE
added 2018/03/07 2:29 a.m.398 views

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab ch...

7.8CVSS7.8AI score0.00054EPSS
CVE
CVE
added 2017/04/11 3:59 p.m.340 views

CVE-2016-5011

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

4.9CVSS4.5AI score0.00212EPSS
CVE
CVE
added 2022/08/23 8:15 p.m.305 views

CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a...

5.5CVSS5.3AI score0.00232EPSS
CVE
CVE
added 2022/08/23 8:15 p.m.260 views

CVE-2021-3995

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of t...

5.5CVSS5.2AI score0.00233EPSS
CVE
CVE
added 2021/07/30 2:15 p.m.218 views

CVE-2021-37600

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic env...

5.5CVSS5.8AI score0.00059EPSS
CVE
CVE
added 2022/02/21 7:15 p.m.170 views

CVE-2022-0563

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the...

5.5CVSS5.3AI score0.00025EPSS
CVE
CVE
added 2017/02/07 3:59 p.m.109 views

CVE-2016-2779

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

7.8CVSS7.2AI score0.00158EPSS
CVE
CVE
added 2007/10/04 4:17 p.m.83 views

CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

7.2CVSS6.2AI score0.00097EPSS
CVE
CVE
added 2015/11/09 4:59 p.m.77 views

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.

2.1CVSS8.2AI score0.00078EPSS
CVE
CVE
added 2014/01/21 6:55 p.m.76 views

CVE-2013-0157

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages de...

2.1CVSS6AI score0.00058EPSS
CVE
CVE
added 2017/03/31 4:59 p.m.68 views

CVE-2014-9114

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

7.8CVSS7.5AI score0.00132EPSS
CVE
CVE
added 2017/08/23 3:29 p.m.65 views

CVE-2015-5224

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

9.8CVSS9.3AI score0.04076EPSS
CVE
CVE
added 2023/08/22 7:16 p.m.60 views

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.

6.7CVSS6.9AI score0.00033EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.55 views

CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

5.5CVSS5.6AI score0.00044EPSS