PT-2022-1459 · Unknown+5 · Util-Linux+5

Published

2022-01-24

Updated

2025-10-27

CVE-2021-3995

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions util-linux (affected versions not specified)

Description The issue is related to incorrect permissions and access privileges in the util-linux package. A logic error was found in the libmount library, specifically in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw enables an unprivileged local attacker to unmount FUSE filesystems belonging to certain other users who have a UID that is a prefix of the attacker's UID in its string form, potentially causing a denial of service to applications using the affected filesystems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-552

Related Identifiers

ALT-PU-2022-1123

ALT-PU-2022-3036

BDU:2022-00588

CVE-2021-3995

DSA-5055-1

JLSEC-2025-192

MGASA-2022-0076

OESA-2022-1536

OPENSUSE-SU-2022:0727-1

OPENSUSE-SU-2022_0727-1

OPENSUSE-SU-2024:11784-1

SUSE-SU-2022:0727-1

SUSE-SU-2022:0727-2

SUSE-SU-2022_0727-1

USN-5279-1

Affected Products

Alt Linux

Linuxmint

Red Os

Suse

Ubuntu

Util-Linux

PT-2022-1459 · Unknown+5 · Util-Linux+5

CVE-2021-3995

Weakness Enumeration

Related Identifiers

Affected Products

References · 56