CVE-2026-13595

Name of the Vulnerable Software and Affected Versions util-linux libblkid (affected versions not specified)

Description A heap use-after-free read occurs in the libblkid library during nested partition probing. The BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry within a dynamically allocated array. If subsequent partition additions trigger a reallocation of this array, the cached pointer becomes stale. An attacker can trigger this issue without user interaction by providing a crafted block device image, such as through a USB drive or a loop-mounted disk image, because libblkid is automatically executed as root by udev/udisks during block-device hot-plug events. This may result in denial of service or limited information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.