Description
util-linux is a random collection of Linux utilities. Versions prior to 2.41.4 contain a TOCTOU (Time-of-Check to Time-of-Use) vulnerability in the SUID binary /usr/bin/mount from util-linux. When setting up loop devices, the mount binary validates the source file path with the user's privileges via fork() + setuid() + realpath(), but then re-canonicalizes and opens the path with root privileges (euid=0) without verifying that it has not been replaced between the two operations: neither O_NOFOLLOW, nor an inode comparison, nor a post-open fstat() is employed. A local unprivileged user can therefore replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires both an /etc/fstab entry with the user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). A host with no such fstab entry is not exposed through this path, so reviewing /etc/fstab for user,loop entries on user-writable paths is a direct way to assess exposure. The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 14 | | =2.41-5 || =2.41.1-1 || =2.41.1-2 || =2.41.1-3 || =2.41.1-4 || =2.41.2-1 || =2.41.2-2 || =2.41.2-3 || =2.41.2-4 || =2.41.3-1 || =2.41.3-2 || =2.41.3-3 || =2.41.3-4 || =2.42~rc1-1 || =2.42~rc1-2 || =2.42~rc1-3 || =2.42~rc2-1 || >=0 <2.42-1 | 2.42-1 |
 rpm rhel8 | | - | - |
 debian 13 | | =2.41-5 || =2.41.1-1 || =2.41.1-2 || =2.41.1-3 || =2.41.1-4 || =2.41.2-1 || =2.41.2-2 || =2.41.2-3 || =2.41.2-4 || =2.41.3-1 || =2.41.3-2 || =2.41.3-3 || =2.41.3-4 || =2.42-1 || =2.42-2 || =2.42-3 || =2.42-4 || =2.42-5 || =2.42~rc1-1 || =2.42~rc1-2 || =2.42~rc1-3 || =2.42~rc2-1 | - |
 rpm rhel9 | | - | - |
 alpine v3.23 | | =2.14.1-r0 || =2.14.1-r1 || =2.14.2-r0 || =2.16-r0 || =2.16-r1 || =2.16-r2 || =2.16.2-r0 || =2.17-r0 || =2.17.1-r0 || =2.17.1-r1 || =2.17.2-r0 || =2.18-r0 || =2.18-r1 || =2.18-r2 || =2.19.1-r0 || =2.19.1-r1 || =2.19.1-r2 || =2.20-r0 || =2.20-r1 || =2.21-r0 || =2.21.1-r0 || =2.21.2-r0 || =2.22.1-r0 || =2.22.2-r0 || =2.23.1-r0 || =2.23.2-r0 || =2.23.2-r1 || =2.23.2-r2 || =2.23.2-r3 || =2.23.2-r4 || =2.23.2-r5 || =2.24.2-r0 || =2.24.2-r1 || =2.24.2-r2 || =2.24.2-r3 || =2.24.2-r4 || =2.25.2-r0 || =2.25.2-r1 || =2.25.2-r2 || =2.26.1-r0 || =2.26.2-r0 || =2.26.2-r1 || =2.27-r0 || =2.27-r1 || =2.27.1-r0 || =2.27.1-r1 || =2.28-r0 || =2.28-r1 || =2.28-r2 || =2.28-r3 || =2.28-r4 || =2.28.1-r0 || =2.28.2-r0 || =2.28.2-r1 || =2.28.2-r2 || =2.30.1-r0 || =2.30.2-r0 || =2.31-r0 || =2.32-r0 || =2.33-r0 || =2.33.2-r0 || =2.34-r0 || =2.34-r1 || =2.35-r0 || =2.35.1-r0 || =2.35.1-r1 || =2.35.1-r2 || =2.35.1-r3 || =2.35.1-r4 || =2.35.2-r0 || =2.35.2-r1 || =2.35.2-r2 || =2.36-r0 || =2.36-r1 || =2.36-r2 || =2.36.1-r0 || =2.36.1-r1 || =2.36.2-r0 || =2.36.2-r1 || =2.36.2-r2 || =2.37-r0 || =2.37-r1 || =2.37-r2 || =2.37-r3 || =2.37-r4 || =2.37.1-r0 || =2.37.2-r0 || =2.37.2-r1 || =2.37.2-r2 || =2.37.2-r3 || =2.37.2-r4 || =2.37.2-r5 || =2.37.2-r6 || =2.37.2-r7 || =2.37.3-r0 || =2.37.3-r1 || =2.37.4-r0 || =2.37.4-r1 || =2.38-r0 || =2.38-r1 || =2.38-r2 || =2.38-r3 || =2.38.1-r0 || =2.38.1-r1 || =2.38.1-r2 || =2.38.1-r3 || =2.38.1-r4 || =2.38.1-r5 || =2.38.1-r6 || =2.38.1-r7 || =2.38.1-r8 || =2.39-r0 || =2.39-r1 || =2.39-r10 || =2.39-r2 || =2.39-r3 || =2.39-r4 || =2.39-r5 || =2.39-r6 || =2.39-r7 || =2.39-r8 || =2.39-r9 || =2.39.1-r0 || =2.39.2-r0 || =2.39.2-r1 || =2.39.3-r0 || =2.39.3-r1 || =2.39.3-r2 || =2.40-r0 || =2.40-r1 || =2.40-r2 || =2.40.1-r0 || =2.40.1-r1 || =2.40.2-r0 || =2.40.2-r1 || =2.40.2-r2 || =2.40.2-r3 || =2.40.2-r4 || =2.40.3-r0 || =2.40.4-r0 || =2.41-r0 || =2.41-r1 || =2.41-r2 || =2.41-r3 || =2.41-r4 || =2.41-r5 || =2.41-r6 || =2.41-r7 || =2.41-r8 || =2.41-r9 
|| =2.41.1-r0 || =2.41.1-r1 || =2.41.2-r0 || >=0 <2.41.4-r0 | 2.41.4-r0 |
 debian 11 | | =2.36.1-8 || =2.36.1-8+deb11u1 || =2.36.1-8+deb11u2 || =2.37.2-1 || =2.37.2-2 || =2.37.2-3 || =2.37.2-4 || =2.37.2-5 || =2.37.2-6 || =2.37.3-1 || =2.38-1 || =2.38-2 || =2.38-3 || =2.38-4 || =2.38-4+exp1 || =2.38-4+exp2 || =2.38-5 || =2.38-5+exp1 || =2.38-6 || =2.38.1-1 || =2.38.1-1.1 || =2.38.1-2 || =2.38.1-3 || =2.38.1-4 || =2.38.1-4+exp1 || =2.38.1-5 || =2.38.1-5+loong64 || =2.38.1-6 || =2.38~rc1-1 || =2.38~rc2-1 || =2.39.1-1 || =2.39.1-2 || =2.39.1-3 || =2.39.1-4 || =2.39.2-1 || =2.39.2-2 || =2.39.2-2.1 || =2.39.2-2.2 || =2.39.2-3 || =2.39.2-4 || =2.39.2-5 || =2.39.2-6 || =2.39.3-1 || =2.39.3-10 || =2.39.3-11 || =2.39.3-2 || =2.39.3-3 || =2.39.3-4 || =2.39.3-5 || =2.39.3-6 || =2.39.3-6.1 || =2.39.3-6.1~exp1 || =2.39.3-7 || =2.39.3-8 || =2.39.3-9 || =2.40-1 || =2.40-2 || =2.40-3 || =2.40-4 || =2.40-5 || =2.40-6 || =2.40-7 || =2.40-8 || =2.40.1-1 || =2.40.1-2 || =2.40.1-3 || =2.40.1-4 || =2.40.1-4+hurd.1 || =2.40.1-6 || =2.40.1-7 || =2.40.1-8 || =2.40.1-8.1 || =2.40.1-9 || =2.40.2-1 || =2.40.2-10 || =2.40.2-11 || =2.40.2-12 || =2.40.2-12+hurd.1 || =2.40.2-13 || =2.40.2-14 || =2.40.2-2 || =2.40.2-3 || =2.40.2-4 || =2.40.2-5 || =2.40.2-6 || =2.40.2-7 || =2.40.2-8 || =2.40.2-9 || =2.40.3-1 || =2.40.4-1 || =2.40.4-2 || =2.40.4-3 || =2.40.4-4 || =2.40.4-5 || =2.40~rc2-1 || =2.40~rc2-2 || =2.40~rc2-3 || =2.40~rc2-4 || =2.40~rc2-5 || =2.40~rc2-6 || =2.40~rc2-7 || =2.40~rc2-8 || =2.41-1 || =2.41-2 || =2.41-3 || =2.41-4 || =2.41-5 || =2.41.1-1 || =2.41.1-2 || =2.41.1-3 || =2.41.1-4 || =2.41.2-1 || =2.41.2-2 || =2.41.2-3 || =2.41.2-4 || =2.41.3-1 || =2.41.3-2 || =2.41.3-3 || =2.41.3-4 || =2.41~rc1-1 || =2.41~rc1-2 || =2.41~rc2-1 || =2.42-1 || =2.42-2 || =2.42-3 || =2.42-4 || =2.42-5 || =2.42~rc1-1 || =2.42~rc1-2 || =2.42~rc1-3 || =2.42~rc2-1 | - |
 debian 12 | | =2.38.1-5 || =2.38.1-5+deb12u1 || =2.38.1-5+deb12u2 || =2.38.1-5+deb12u3 || =2.38.1-5+loong64 || =2.38.1-6 || =2.39.1-1 || =2.39.1-2 || =2.39.1-3 || =2.39.1-4 || =2.39.2-1 || =2.39.2-2 || =2.39.2-2.1 || =2.39.2-2.2 || =2.39.2-3 || =2.39.2-4 || =2.39.2-5 || =2.39.2-6 || =2.39.3-1 || =2.39.3-10 || =2.39.3-11 || =2.39.3-2 || =2.39.3-3 || =2.39.3-4 || =2.39.3-5 || =2.39.3-6 || =2.39.3-6.1 || =2.39.3-6.1~exp1 || =2.39.3-7 || =2.39.3-8 || =2.39.3-9 || =2.40-1 || =2.40-2 || =2.40-3 || =2.40-4 || =2.40-5 || =2.40-6 || =2.40-7 || =2.40-8 || =2.40.1-1 || =2.40.1-2 || =2.40.1-3 || =2.40.1-4 || =2.40.1-4+hurd.1 || =2.40.1-6 || =2.40.1-7 || =2.40.1-8 || =2.40.1-8.1 || =2.40.1-9 || =2.40.2-1 || =2.40.2-10 || =2.40.2-11 || =2.40.2-12 || =2.40.2-12+hurd.1 || =2.40.2-13 || =2.40.2-14 || =2.40.2-2 || =2.40.2-3 || =2.40.2-4 || =2.40.2-5 || =2.40.2-6 || =2.40.2-7 || =2.40.2-8 || =2.40.2-9 || =2.40.3-1 || =2.40.4-1 || =2.40.4-2 || =2.40.4-3 || =2.40.4-4 || =2.40.4-5 || =2.40~rc2-1 || =2.40~rc2-2 || =2.40~rc2-3 || =2.40~rc2-4 || =2.40~rc2-5 || =2.40~rc2-6 || =2.40~rc2-7 || =2.40~rc2-8 || =2.41-1 || =2.41-2 || =2.41-3 || =2.41-4 || =2.41-5 || =2.41.1-1 || =2.41.1-2 || =2.41.1-3 || =2.41.1-4 || =2.41.2-1 || =2.41.2-2 || =2.41.2-3 || =2.41.2-4 || =2.41.3-1 || =2.41.3-2 || =2.41.3-3 || =2.41.3-4 || =2.41~rc1-1 || =2.41~rc1-2 || =2.41~rc2-1 || =2.42-1 || =2.42-2 || =2.42-3 || =2.42-4 || =2.42-5 || =2.42~rc1-1 || =2.42~rc1-2 || =2.42~rc1-3 || =2.42~rc2-1 | - |
 rpm rhel10 | | - | - |