CVE-2021-3996 - OpenCVE

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Kernel	Util-linux
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Dec/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/30/2	Mailing List Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-3996	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024628	Issue Tracking Patch Third Party Advisory
https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb	Patch Third Party Advisory
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes	Release Notes Vendor Advisory
https://security.gentoo.org/glsa/202401-08
https://security.netapp.com/advisory/ntap-20221209-0002/	Broken Link Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/24/2	Exploit Mailing List Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-23T00:00:00

Updated: 2024-01-07T09:06:22.825845

Reserved: 2021-11-22T00:00:00

Link: CVE-2021-3996

JSON object: View

NVD Information

Status : Modified

Published: 2022-08-23T20:15:08.560

Modified: 2024-01-07T09:15:08.600

Link: CVE-2021-3996

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-3996", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-01-07T09:06:22.825845", "dateReserved": "2021-11-22T00:00:00", "datePublished": "2022-08-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-01-07T09:06:22.825845"}, "descriptions": [{"lang": "en", "value": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems."}], "affected": [{"vendor": "n/a", "product": "util-linux", "versions": [{"version": "Fixed in util-linux v2.37.3", "status": "affected"}]}], "references": [{"url": "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes"}, {"url": "https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb"}, {"url": "https://www.openwall.com/lists/oss-security/2022/01/24/2"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024628"}, {"url": "https://access.redhat.com/security/cve/CVE-2021-3996"}, {"name": "[oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"}, {"name": "20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/4"}, {"url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"}, {"url": "https://security.netapp.com/advisory/ntap-20221209-0002/"}, {"name": "GLSA-202401-08", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202401-08"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-552 - Files or Directories Accessible to External Parties", "cweId": "CWE-552"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "755D0AAC-24D9-4B39-BCC2-06AC9FF889E2", "versionEndExcluding": "2.37.3", "versionStartIncluding": "2.34", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems."}, {"lang": "es", "value": "Se ha encontrado un error l\u00f3gico en la biblioteca libmount de util-linux en la funci\u00f3n que permite a un usuario no privilegiado desmontar un sistema de archivos FUSE. Este fallo permite a un usuario local en un sistema vulnerable desmontar los sistemas de archivos de otros usuarios que son de escritura mundial (como /tmp) o que est\u00e1n montados en un directorio de escritura mundial. Un atacante puede usar este fallo para causar una denegaci\u00f3n de servicio a las aplicaciones que usan los sistemas de archivos afectados."}], "id": "CVE-2021-3996", "lastModified": "2024-01-07T09:15:08.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-23T20:15:08.560", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/4"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3996"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024628"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202401-08"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221209-0002/"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/01/24/2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Secondary"}]}