In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HKernel Util Linux
APPKernel≤ 2.31
Related vulnerabilities
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file...
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, whi...
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and ...
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of...