Vulnerabilities > Kernel > Util Linux

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2020-21583 Unspecified vulnerability in Kernel Util-Linux
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
local
low complexity
kernel
6.7
2022-08-23 CVE-2021-3995 Files or Directories Accessible to External Parties vulnerability in multiple products
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
local
low complexity
kernel fedoraproject CWE-552
5.5
2022-08-23 CVE-2021-3996 Files or Directories Accessible to External Parties vulnerability in multiple products
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
local
low complexity
kernel fedoraproject CWE-552
5.5
2022-02-21 CVE-2022-0563 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support.
local
low complexity
kernel netapp CWE-209
5.5
2021-07-30 CVE-2021-37600 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
local
low complexity
kernel netapp CWE-190
5.5
2018-03-07 CVE-2018-7738 Unspecified vulnerability in Kernel Util-Linux
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
local
low complexity
kernel
7.2
2017-08-23 CVE-2015-5224 Unspecified vulnerability in Kernel Util-Linux
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
network
low complexity
kernel
7.5
2017-04-11 CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
local
low complexity
kernel redhat ibm
4.9
2017-03-31 CVE-2014-9114 Command Injection vulnerability in multiple products
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
local
low complexity
opensuse fedoraproject kernel CWE-77
7.8
2017-02-07 CVE-2016-2779 Permissions, Privileges, and Access Controls vulnerability in Kernel Util-Linux 2.24.21
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
local
low complexity
kernel CWE-264
7.2