Kernel Util Linux
By the Year
In 2022 there have been 1 vulnerability in Kernel Util Linux with an average score of 5.5 out of ten. Last year Util Linux had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Util Linux in 2022 could surpass last years number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2022 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 1 | 5.50 |
| 2021 | 1 | 5.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Util Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Kernel Util Linux Security Vulnerabilities
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support
CVE-2022-0563
5.5 - Medium
- February 21, 2022
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Generation of Error Message Containing Sensitive Information
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way
CVE-2021-37600
5.5 - Medium
- July 30, 2021
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
Integer Overflow or Wraparound
In util-linux before 2.32-rc1, bash-completion/umount
CVE-2018-7738
7.8 - High
- March 07, 2018
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
The mkostemp function in login-utils in util-linux when used incorrectly
CVE-2015-5224
9.8 - Critical
- August 23, 2017
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux
CVE-2016-5011
4.6 - Medium
- April 11, 2017
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
Blkid in util-linux before 2.26rc-1
CVE-2014-9114
7.8 - High
- March 31, 2017
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Kernel Util Linux or by Kernel? Click the Watch button to subscribe.
