CVE-2021-3996

 

  • Severity Score: 5.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: Track* (SSVC)

Descriptions

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: PoC
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2021-11-22 CVE Reserved
  • 2022-01-28 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-10-15 CVE Updated
  • 2024-10-15 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-552: Files or Directories Accessible to External Parties
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Kernel | Util-linux | >= 2.34 < 2.37.3 | - | Affected
Fedoraproject | Fedora | 35 | - | Affected