Bug 2024628 (CVE-2021-3996) - CVE-2021-3996 util-linux: Unauthorized unmount of filesystems in libmount
Summary: CVE-2021-3996 util-linux: Unauthorized unmount of filesystems in libmount
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2021-3996
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2032273 2044307
Blocks: 2024641
Reported: 2021-11-18 14:20 UTC by Pedro Sampaio
Modified: 2023-09-15 01:50 UTC
CC List: 19 users

Fixed In Version: util-linux 2.37.3
Doc Type: If docs needed, set a value
Doc Text:
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
Clone Of:
Environment:
Last Closed: 2022-05-17 15:16:47 UTC
Embargoed:



Description Pedro Sampaio 2021-11-18 14:20:47 UTC
A flaw was found in util-linux's libmount. An issue related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory.
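
An inventory of the mounts that meet the two conditions in the description above, as an added example (not code from util-linux or from this bug report): it parses mountinfo text in the proc(5) layout and flags mount points that are world-writable or sit in a world-writable directory. The function names and the sample lines are constructed for illustration.

```python
import os
import re
import stat

_OCTAL = re.compile(rb"\\([0-3][0-7]{2})")  # kernel writes space as \040, etc.

# Constructed sample in proc(5) mountinfo layout, not taken from the bug report.
SAMPLE = (
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "30 22 0:26 / /tmp rw,nosuid,nodev shared:5 - tmpfs tmpfs rw\n"
    "41 30 0:40 / /tmp/my\\040data rw,nosuid - fuse.sshfs host:/srv rw,user_id=1000\n"
    "45 22 0:41 / /home/alice/mnt rw,nosuid - fuse.sshfs host:/srv rw,user_id=1000\n"
)

def unescape(field):
    raw = field.encode(errors="surrogateescape")
    raw = _OCTAL.sub(lambda m: bytes([int(m.group(1), 8)]), raw)
    return raw.decode(errors="surrogateescape")

def parse_mountinfo(text):
    """Yield (mount_point, fstype) for every well-formed mountinfo line."""
    for line in text.splitlines():
        fields = line.split(" ")
        try:
            sep = fields.index("-", 6)  # optional fields end at a lone "-"
        except ValueError:
            continue  # truncated or malformed line: skip rather than guess
        if len(fields) > sep + 1:
            yield unescape(fields[4]), fields[sep + 1]

def world_writable(path, stat_fn=os.stat):
    try:
        return bool(stat_fn(path).st_mode & stat.S_IWOTH)
    except OSError:
        return False  # path not reachable by this user: cannot be assessed

def exposed_mounts(text, stat_fn=os.stat):
    """List mounts meeting either condition named in the bug description."""
    hits = []
    for mnt, fstype in parse_mountinfo(text):
        if world_writable(mnt, stat_fn):
            hits.append((mnt, fstype, "mount point is world-writable"))
        elif mnt != "/" and world_writable(os.path.dirname(mnt), stat_fn):
            hits.append((mnt, fstype, "parent directory is world-writable"))
    return hits

if __name__ == "__main__":
    with open("/proc/self/mountinfo", errors="surrogateescape") as fh:
        for hit in exposed_mounts(fh.read()):
            print(*hit, sep="\t")
```

Run as a script it reads the live /proc/self/mountinfo; the result is an exposure list only and says nothing about whether the installed util-linux predates the 2.37.3 fix.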

Comment 6 Riccardo Schirone 2021-11-19 16:09:56 UTC
RHEL 6, 7 and 8 are not affected by this bug as they ship an older version of util-linux which does not allow unprivileged users to unmount FUSE mount points for the current user (e.g. the is_fuse_usermount() function does not exist).

Comment 14 Riccardo Schirone 2022-01-24 12:01:37 UTC
Created util-linux tracking bugs for this issue:

Affects: fedora-all [bug 2044307]

Comment 16 Product Security DevOps Team 2022-05-17 15:16:44 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3996

Comment 17 Red Hat Bugzilla 2023-09-15 01:50:04 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days

