VYPR

Util Linux

by Linux

CVEs (17)

  • CVE-2015-5224 | Critical | Aug 23, 2017
    risk 0.57 | cvss 9.8 | epss 0.05

    The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

  • CVE-2016-2779 | High | Feb 7, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

  • CVE-2014-9114 | High | Mar 31, 2017
    risk 0.44 | cvss 7.8 | epss 0.01

    Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

  • CVE-2025-14104 | Medium | Dec 5, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

  • CVE-2001-1494 | Medium | Dec 31, 2001
    risk 0.36 | cvss 5.5 | epss 0.00

    script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

  • CVE-2016-5011 | Medium | Apr 11, 2017
    risk 0.30 | cvss 4.6 | epss 0.00

    The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

  • CVE-2026-27456 | Medium | Apr 3, 2026
    risk 0.24 | cvss 4.7 | epss 0.00

    util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path…

  • CVE-2026-3184 | Low | Apr 3, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname,…

  • CVE-2024-28085 | Low | Mar 27, 2024
    risk 0.22 | cvss 3.3 | epss 0.02

    wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.)…

  • CVE-2017-2616 | Medium | Jul 27, 2018
    risk 0.00 | cvss 5.5 | epss 0.00

    A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

  • CVE-2015-5218 | Nov 9, 2015
    risk 0.00 | cvss | epss 0.01

    Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.

  • CVE-2013-0157 | Jan 21, 2014
    risk 0.00 | cvss | epss 0.00

    (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates…

  • CVE-2011-1677 | Apr 10, 2011
    risk 0.00 | cvss | epss 0.00

    mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.

  • CVE-2011-1676 | Apr 10, 2011
    risk 0.00 | cvss | epss 0.00

    mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.

  • CVE-2011-1675 | Apr 10, 2011
    risk 0.00 | cvss | epss 0.00

    mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue…

  • CVE-2008-1926 | Apr 24, 2008
    risk 0.00 | cvss | epss 0.04

    Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log…

  • CVE-2007-5191 | Oct 4, 2007
    risk 0.00 | cvss | epss 0.00

    mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.