Util Linux
by Linux
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5224 | | Cri | 0.57 | 9.8 | 0.05 | | Aug 23, 2017 | The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. |
| CVE-2016-2779 | | Hig | 0.51 | 7.8 | 0.00 | | Feb 7, 2017 | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
| CVE-2014-9114 | | Hig | 0.44 | 7.8 | 0.01 | | Mar 31, 2017 | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. |
| CVE-2025-14104 | | Med | 0.40 | 6.1 | 0.00 | | Dec 5, 2025 | A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. |
| CVE-2001-1494 | | Med | 0.36 | 5.5 | 0.00 | | Dec 31, 2001 | script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. |
| CVE-2016-5011 | | Med | 0.30 | 4.6 | 0.00 | | Apr 11, 2017 | The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. |
| CVE-2026-27456 | | Med | 0.24 | 4.7 | 0.00 | | Apr 3, 2026 | util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path… |
| CVE-2026-3184 | | Low | 0.24 | 3.7 | 0.00 | | Apr 3, 2026 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname,… |
| CVE-2024-28085 | | Low | 0.22 | 3.3 | 0.02 | | Mar 27, 2024 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.)… |
| CVE-2017-2616 | | Med | 0.00 | 5.5 | 0.00 | | Jul 27, 2018 | A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. |
| CVE-2015-5218 | | | 0.00 | — | 0.01 | | Nov 9, 2015 | Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. |
| CVE-2013-0157 | | | 0.00 | — | 0.00 | | Jan 21, 2014 | (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates… |
| CVE-2011-1677 | | | 0.00 | — | 0.00 | | Apr 10, 2011 | mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. |
| CVE-2011-1676 | | | 0.00 | — | 0.00 | | Apr 10, 2011 | mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. |
| CVE-2011-1675 | | | 0.00 | — | 0.00 | | Apr 10, 2011 | mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue… |
| CVE-2008-1926 | | | 0.00 | — | 0.04 | | Apr 24, 2008 | Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log… |
| CVE-2007-5191 | | | 0.00 | — | 0.00 | | Oct 4, 2007 | mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. |