Fluid Attacks Database

Description

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	util-linux	>=0 <2.29.2-1	2.29.2-1
debian 11	util-linux	>=0 <2.29.2-1	2.29.2-1
debian 14	coreutils	>=0 <8.20-1	8.20-1
debian 13	coreutils	>=0 <8.20-1	8.20-1
debian 14	util-linux	>=0 <2.29.2-1	2.29.2-1
debian 12	shadow	>=0 <1:4.4-4	1:4.4-4
debian 14	shadow	>=0 <1:4.4-4	1:4.4-4
debian 13	shadow	>=0 <1:4.4-4	1:4.4-4
debian 12	coreutils	>=0 <8.20-1	8.20-1
debian 12	util-linux	>=0 <2.29.2-1	2.29.2-1

1-10 of 15

Aliases

1. CVE-2017-26162. NVD-2017-26163. OSV-DEBIAN-2017-26164. OSV-2017-26165. SECURITY-TRACKER-CVE-2017-2616

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.