{"id":"CVE-2021-3996","details":"A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.","modified":"2026-04-16T04:38:34.072479382Z","published":"2022-08-23T20:15:08.560Z","related":["SUSE-SU-2022:0727-1","SUSE-SU-2022:0727-2","openSUSE-SU-2022:0727-1","openSUSE-SU-2024:11784-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/11/30/2"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-08"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221209-0002/"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/Dec/4"},{"type":"ADVISORY","url":"https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3996"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024628"},{"type":"FIX","url":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2022/01/24/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/karelzak/util-linux","events":[{"introduced":"d4319b91c9d7d69e7b954fc66819214f81501312"},{"fixed":"331a1e6e10f7943a12112c7161a8c995c1c5b9b9"}],"database_specific":{"versions":[{"introduced":"2.34"},{"fixed":"2.37.3"}]}},{"type":"GIT","repo":"https://github.com/util-linux/util-linux","events":[{"introduced":"0"},{"fixed":"166e87368ae88bf31112a30e078cceae637f4cdb"}]}],"versions":["v2.10f","v2.10m","v2.10s","v2.11b","v2.11f","v2.11m","v2.11n","v2.11o","v2.11q","v2.11r","v2.11t","v2.11u","v2.11v","v2.11w","v2.11x","v2.11y","v2.12","v2.12a","v2.12b","v2.12d","v2.12h","v2.12i","v2.12j","v2.12k","v2.12l","v2.12m","v2.12o","v2.12p","v2.12pre","v2.12q","v2.12q-pre1","v2.12q-pre2","v2.12r","v2.12r-pre1","v2.13","v2.13-pre1","v2.13-pre2","v2.13-pre3","v2.13-pre4","v2.13-pre5","v2.13-pre6","v2.13-pre7","v2.13-rc1","v2.13-rc2","v2.13-rc3","v2.14","v2.14-rc1","v2.14-rc2","v2.14-rc3","v2.15","v2.15-rc1","v2.15-rc2","v2.16","v2.16-rc1","v2.16-rc2","v2.17","v2.17-rc1","v2.17-rc2","v2.17-rc3","v2.18","v2.18-rc1","v2.18-rc2","v2.19","v2.19-rc1","v2.19-rc2","v2.19-rc3","v2.2","v2.20","v2.20-rc1","v2.20-rc2","v2.21","v2.21-rc1","v2.21-rc2","v2.22","v2.22-rc1","v2.22-rc2","v2.23","v2.23-rc1","v2.23-rc2","v2.24","v2.24-rc1","v2.24-rc2","v2.25","v2.25-rc1","v2.25-rc2","v2.26","v2.26-rc1","v2.26-rc2","v2.27","v2.27-rc1","v2.27-rc2","v2.28","v2.28-rc1","v2.28-rc2","v2.29","v2.29-rc1","v2.29-rc2","v2.30","v2.30-rc1","v2.30-rc2","v2.31","v2.31-rc1","v2.31-rc2","v2.32","v2.32-rc1","v2.32-rc2","v2.33","v2.33-rc1","v2.33-rc2","v2.34","v2.34-rc1","v2.34-rc2","v2.35","v2.35-rc1","v2.35-rc2","v2.36","v2.36-rc1","v2.36-rc2","v2.37","v2.37-rc1","v2.37-rc2","v2.37.1","v2.37.2","v2.5","v2.7.1","v2.8","v2.9i","v2.9v"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3996.json","vanir_signatures":[{"id":"CVE-2021-3996-1d58d02f","source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","signature_version":"v1","signature_type":"Function","target":{"file":"misc-utils/findmnt.c","function":"get_data"},"deprecated":false,"digest":{"length":3726,"function_hash":"172190503425158250389494480808560178722"}},{"id":"CVE-2021-3996-2d1d2a24","digest":{"line_hashes":["148271273388203354470307206719535892884","62287315139407245811954595481725356072","214980228586424104484449972395979075984","217898200299446668385854001693895204685","51801488505642128081018949456777325706","257342031427320780263277671271392767484","168136948023821894125767835402239888107","127236742331569048669726256605141397714"],"threshold":0.9},"signature_version":"v1","target":{"file":"libmount/src/tab_parse.c"},"source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","deprecated":false,"signature_type":"Line"},{"id":"CVE-2021-3996-42c64fc9","signature_type":"Function","signature_version":"v1","digest":{"length":5214,"function_hash":"158498815795531669837843951447915555277"},"target":{"file":"misc-utils/findmnt.c","function":"usage"},"deprecated":false,"source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb"},{"id":"CVE-2021-3996-4782ce74","digest":{"line_hashes":["286140304454410413634878294559679225379","192975041025611851365509477730454023811","164927361626773875653768085836916003090","315158568700694488048869430152950559000","315371986635039980251722367442174253558","170411346683885901129397721417919139330","300654987440978909167170236251493796625"],"threshold":0.9},"signature_version":"v1","target":{"file":"libmount/src/fs.c"},"source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","deprecated":false,"signature_type":"Line"},{"id":"CVE-2021-3996-661209d0","source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","signature_version":"v1","signature_type":"Function","target":{"file":"libmount/src/tab_parse.c","function":"mnt_parse_mountinfo_line"},"deprecated":false,"digest":{"length":2940,"function_hash":"315893505501780867915916644769990653558"}},{"id":"CVE-2021-3996-93c9e9b0","digest":{"length":81,"function_hash":"120976056213085741100383319772317386052"},"signature_version":"v1","source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","target":{"file":"libmount/src/fs.c","function":"mnt_fs_is_deleted"},"deprecated":false,"signature_type":"Function"},{"id":"CVE-2021-3996-974cdc92","signature_type":"Function","signature_version":"v1","source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","digest":{"length":10685,"function_hash":"331940063383546000812631025201381521261"},"deprecated":false,"target":{"file":"misc-utils/findmnt.c","function":"main"}},{"id":"CVE-2021-3996-f75b1716","source":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","signature_version":"v1","signature_type":"Line","target":{"file":"misc-utils/findmnt.c"},"deprecated":false,"digest":{"line_hashes":["298855823468841395292686224986095376908","66703069748486132479840055249640881267","233714075636408001559557418962410107460","47099453058534788772784177087901182001","111462451473006695466070065962996343255","114345554248835959056859442733828899902","292286073993658657802662615967279738168","200996797631186976073356362057259312729","25624830782666857265106780171878185034","167223574011331999619862769939752356439","215597028844341321701811046774650302989","330842130761394063961666841624178507895","59484410659985697729861471062395614522","273044645211350846033584871890401335473","78245747810213312559139308309647888190","268949403362698462011002659534011286781","274980906433835594308526205823375851896","264449175584110271771129178353261205817","93409794396920401241971728542441572167","216139292853369616917558222569159936658","220399846976224944228303842596634524639","86514528827020005887911999400195480317","285125084310968877194948385341663239230","44121081881317959019337810236318650262","28866909802456987500913224205049437921","20663972531521107759201287080375326472","249532879622485537199582428047034223176","272872723077785993134229110936859773043","222791952572539269023063095560659778610","207828066042423960456697170375309616514","190047051100916545495807959403691222287","226333833310301199192822554540295948691","143811529040762080966032895854022885710","153334248956534021195123426579781065793","293702649514223561413169178365969606528","220864291065299398209326231576015526951","162057996291746731607750476800602898895","18748884966158230515994239272788054447","302631595818999861945477251471038051430","147273131590380867193257547592252124930","287739967803146989390422017736258284411","282578722999074585619798239376483379638","134548041378653384101393578474875873273","1139099346432572383810132542762886996"],"threshold":0.9}}],"vanir_signatures_modified":"2026-04-11T21:23:19Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}