Util-linux
This hub aggregates every CVE we track for Util-linux, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
29
CVEs tracked
1
Critical
8
High
0
In CISA KEV
Severity distribution
MEDIUM14HIGH8LOW6CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
2
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Util-linux.
- CVE-2026-27456util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup4.7
- CVE-2026-3184Util-linux: util-linux: access control bypass due to improper hostname canonicalization3.7
- CVE-2025-14104Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames6.1
- CVE-2024-28085wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received fro...3.3
- CVE-2020-21583An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.6.7
- CVE-2021-3995A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmou...5.5
- CVE-2021-3996A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to ...5.5
- CVE-2022-0563A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file....5.5
- CVE-2021-37600An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/...5.5
- CVE-2017-2616A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root ...5.5
- CVE-2018-7738In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bas...7.8
- CVE-2015-5224The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.9.8
- CVE-2016-5011The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS...4.6
- CVE-2014-9114Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.7.8
- CVE-2016-2779runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.7.8
Product normalization is registry-driven with AI assist and human review. How it works