CVE-2021-3996

Public on 2022-05-31
Modified on 2024-02-04
Description
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 1 util-linux No Fix Planned
HAQM Linux 2 - Core util-linux Pending Fix
HAQM Linux 2023 util-linux 2023-02-17 ALAS2023-2023-024 Fixed

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H