kernel util linux
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-27456
< 2.41.4
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability
4.7
MEDIUM
CVE-2026-3184
all versions
A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, c
3.7
LOW
CVE-2024-28085
>= 2.24 and < 2.39.4
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' t
3.3
LOW
CVE-2020-21583
< 2.27
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the pa
6.7
MEDIUM
CVE-2021-3996
>= 2.34 and < 2.37.3
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE f
5.5
MEDIUM
CVE-2021-3995
>= 2.34 and < 2.37.3
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE f
5.5
MEDIUM
CVE-2022-0563
< 2.37.4
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPU
5.5
MEDIUM
CVE-2021-37600
<= 2.37.1
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system re
5.5
MEDIUM
CVE-2017-2616
< 2.32.1
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authentica
5.5
MEDIUM
CVE-2018-7738
<= 2.31
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mount
7.8
HIGH
CVE-2015-5224
<= 2.26.2
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and
9.8
CRITICAL
CVE-2016-5011
<= 2.28
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to
4.6
MEDIUM
CVE-2014-9114
<= 2.24.2-1
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
7.8
HIGH
CVE-2016-2779
all versions
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters
7.8
HIGH
CVE-2015-5218
<= 2.22
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash)
CVE-2013-0157
all versions
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of
CVE-2011-1677
<= 2.19
mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which h
CVE-2011-1676
<= 2.19
mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which all
CVE-2011-1675
<= 2.19
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits w
CVE-2008-1926
all versions
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attac
CVE-2007-5191
<= 2.13.1.1
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the ret
CVE-2006-7108
all versions
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin sessi
CVE-2005-2876
all versions
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with un
CVE-2004-0080
<= 2.11
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login t
CVE-2003-0094
all versions
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which cause
CVE-2001-1175
all versions
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for l
CVE-2001-1494
< 2.11n
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from t
5.5
MEDIUM
CVE-2001-1147
all versions
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin