1. Home
  2. Vulnerabilities
  3. CVE-2021-3996

CVE-2021-3996

CVSS v3.1 5.5 (Medium)
55% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 2
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Weaknesses
CWE-552
Files or Directories Accessible to External Parties
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-08-23 20:15:08
(2 years ago)
Updated Date
2024-01-07 09:15:08
(8 months ago)

Affected Products

Fedoraproject

Kernel

Configuration #1

    CPE23 From Up To
  Kernel Util-linux from 2.34 version and prior 2.37.3 version cpe:2.3:a:kernel:util-linux >= 2.34 < 2.37.3

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35