Kernel Util Linux


By the Year

In 2022 there has been 1 vulnerability in Kernel Util Linux, with an average score of 5.5 out of ten. Last year Util Linux had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Util Linux in 2022 could surpass last year's number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2022 and last year were the same.

Year    Vulnerabilities    Average Score
2022    1                  5.50
2021    1                  5.50
2020    0                  0.00
2019    0                  0.00
2018    1                  7.80

It may take a day or so for new Util Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Kernel Util Linux Security Vulnerabilities

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support

CVE-2022-0563 5.5 - Medium - February 21, 2022

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Generation of Error Message Containing Sensitive Information

** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way

CVE-2021-37600 5.5 - Medium - July 30, 2021

** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.

Integer Overflow or Wraparound

In util-linux before 2.32-rc1, bash-completion/umount

CVE-2018-7738 7.8 - High - March 07, 2018

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

The mkostemp function in login-utils in util-linux when used incorrectly

CVE-2015-5224 9.8 - Critical - August 23, 2017

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux

CVE-2016-5011 4.6 - Medium - April 11, 2017

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Blkid in util-linux before 2.26rc-1

CVE-2014-9114 7.8 - High - March 31, 2017

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Command Injection
