{"api_version":"1","generated_at":"2026-04-22T23:31:06+00:00","cve":"CVE-2021-3996","urls":{"html":"https://cve.report/CVE-2021-3996","api":"https://cve.report/api/cve/CVE-2021-3996.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3996","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3996"},"summary":{"title":"CVE-2021-3996","description":"A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-08-23 20:15:00","updated_at":"2024-01-07 09:15:00"},"problem_types":["CWE-552"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html","name":"http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html","refsource":"MISC","tags":[],"title":"snap-confine must_mkdir_and_open_with_perms() Race Condition ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","name":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","refsource":"MISC","tags":[],"title":"libmount: remove support for deleted mount table entries · util-linux/util-linux@166e873 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20221209-0002/","name":"https://security.netapp.com/advisory/ntap-20221209-0002/","refsource":"CONFIRM","tags":[],"title":"August 2022 Util-linux Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2021-3996","name":"https://access.redhat.com/security/cve/CVE-2021-3996","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024628","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2024628","refsource":"MISC","tags":[],"title":"2024628 – (CVE-2021-3996) CVE-2021-3996 util-linux: Unauthorized unmount of filesystems in libmount","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes","name":"https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2022/Dec/4","name":"20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/11/30/2","name":"[oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","refsource":"MLIST","tags":[],"title":"oss-security - Race condition in snap-confine's must_mkdir_and_open_with_perms()\n (CVE-2022-3328)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.openwall.com/lists/oss-security/2022/01/24/2","name":"https://www.openwall.com/lists/oss-security/2022/01/24/2","refsource":"MISC","tags":[],"title":"oss-security - CVE-2021-3996 and CVE-2021-3995 in util-linux's libmount","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202401-08","name":"GLSA-202401-08","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3996","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3996","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3996","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3996","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kernel","cpe5":"util-linux","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3996","qid":"179023","title":"Debian Security Update for util-linux (DSA 5055-1)"},{"cve":"CVE-2021-3996","qid":"184614","title":"Debian Security Update for util-linux (CVE-2021-3996)"},{"cve":"CVE-2021-3996","qid":"198660","title":"Ubuntu Security Notification for util-linux Vulnerabilities (USN-5279-1)"},{"cve":"CVE-2021-3996","qid":"282338","title":"Fedora Security Update for util (FEDORA-2022-9d02441b24)"},{"cve":"CVE-2021-3996","qid":"354315","title":"Amazon Linux Security Advisory for util-linux : ALAS2022-2022-086"},{"cve":"CVE-2021-3996","qid":"354387","title":"Amazon Linux Security Advisory for util-linux : ALAS2022-2022-099"},{"cve":"CVE-2021-3996","qid":"354474","title":"Amazon Linux Security Advisory for util-linux : ALAS2022-2022-218"},{"cve":"CVE-2021-3996","qid":"354581","title":"Amazon Linux Security Advisory for util-linux : ALAS-2022-218"},{"cve":"CVE-2021-3996","qid":"355340","title":"Amazon Linux Security Advisory for util-linux : ALAS2023-2023-024"},{"cve":"CVE-2021-3996","qid":"376419","title":"Snap-Confine Local Privilege Escalation Vulnerability (Oh Snap! More Lemmings)"},{"cve":"CVE-2021-3996","qid":"500713","title":"Alpine Linux Security Update for util-linux"},{"cve":"CVE-2021-3996","qid":"504487","title":"Alpine Linux Security Update for util-linux"},{"cve":"CVE-2021-3996","qid":"6140047","title":"AWS Bottlerocket Security Update for util-linux (GHSA-9fh2-79qc-65m6)"},{"cve":"CVE-2021-3996","qid":"671444","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1461)"},{"cve":"CVE-2021-3996","qid":"671460","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1440)"},{"cve":"CVE-2021-3996","qid":"671640","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1654)"},{"cve":"CVE-2021-3996","qid":"671644","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1668)"},{"cve":"CVE-2021-3996","qid":"710828","title":"Gentoo Linux util-linux Multiple Vulnerabilities (GLSA 202401-08)"},{"cve":"CVE-2021-3996","qid":"751814","title":"OpenSUSE Security Update for libeconf, shadow and util-linux (openSUSE-SU-2022:0727-1)"},{"cve":"CVE-2021-3996","qid":"752028","title":"SUSE Enterprise Linux Security Update for libeconf, shadow and util-linux (SUSE-SU-2022:0727-1)"},{"cve":"CVE-2021-3996","qid":"903783","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (10710)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3996","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"util-linux","version":{"version_data":[{"version_value":"Fixed in util-linux v2.37.3"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-552 - Files or Directories Accessible to External Parties"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes","url":"https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes"},{"refsource":"MISC","name":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb","url":"https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb"},{"refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2022/01/24/2","url":"https://www.openwall.com/lists/oss-security/2022/01/24/2"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2024628","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024628"},{"refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2021-3996","url":"https://access.redhat.com/security/cve/CVE-2021-3996"},{"refsource":"MLIST","name":"[oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","url":"http://www.openwall.com/lists/oss-security/2022/11/30/2"},{"refsource":"FULLDISC","name":"20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","url":"http://seclists.org/fulldisclosure/2022/Dec/4"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html","url":"http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20221209-0002/","url":"https://security.netapp.com/advisory/ntap-20221209-0002/"}]},"description":{"description_data":[{"lang":"eng","value":"A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems."}]}},"nvd":{"publishedDate":"2022-08-23 20:15:00","lastModifiedDate":"2024-01-07 09:15:00","problem_types":["CWE-552"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*","versionStartIncluding":"2.34","versionEndExcluding":"2.37.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3996","Ordinal":"221728","Title":"CVE-2021-3996","CVE":"CVE-2021-3996","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3996","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}