CVE-2026-27456

EUVD-2026-18864
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.
Link Following
TOCTOU
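The safeguards the description lists as absent (O_NOFOLLOW, inode comparison, post-open fstat()), shown together as an added C example. This is not util-linux code or the 2.41.4 patch; the names check_source, open_checked and demo, the single-process layout and the temp-directory self-test are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
struct file_id { dev_t dev; ino_t ino; };  /* identity recorded at check time */

/* Check phase: accept only a regular file (not a symlink), remember its inode. */
int check_source(const char *path, struct file_id *id)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    id->dev = st.st_dev; id->ino = st.st_ino;
    return 0;
}

/* Use phase: open without following a final symlink, then fstat() the
 * descriptor and require the same device and inode that were checked. */
int open_checked(const char *path, const struct file_id *id)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;              /* ELOOP when path is now a symlink */
    if (fstat(fd, &st) == 0 && st.st_dev == id->dev && st.st_ino == id->ino)
        return fd;
    close(fd);                          /* path was replaced after the check */
    return -1;
}

/* Constructed self-test in a private temp dir. swap: 0 = untouched, 1 = path
 * becomes a symlink, 2 = another file renamed over it. 1 = accepted, 0 = rejected. */
int demo(int swap)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX", img[64], other[64];
    struct file_id id;
    if (!mkdtemp(dir)) return -1;
    snprintf(img, sizeof img, "%s/img", dir); snprintf(other, sizeof other, "%s/other", dir);
    int a = open(img, O_CREAT | O_WRONLY, 0600), b = open(other, O_CREAT | O_WRONLY, 0600);
    if (a < 0 || b < 0 || check_source(img, &id) != 0) return -1;
    close(a); close(b);
    if (swap == 1 && (unlink(img) != 0 || symlink(other, img) != 0)) return -1;
    if (swap == 2 && rename(other, img) != 0) return -1;
    int fd = open_checked(img, &id);
    if (fd >= 0) close(fd);
    unlink(img); unlink(other); rmdir(dir);
    return fd >= 0;
}
int main(void) { printf("%d %d %d\n", demo(0), demo(1), demo(2)); return 0; }
```

O_NOFOLLOW only guards the final path component, which is why the fstat() comparison of device and inode on the opened descriptor is still needed.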
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.7 MEDIUM | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score Percentile: 1%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| kernel | util-linux | 𝑥 < 2.41.4 |

𝑥 = Vulnerable software versions
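Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| util-linux | bookworm | | no-dsa |
| util-linux | bookworm (security) | | vulnerable |
| util-linux | bullseye | | postponed |
| util-linux | bullseye (security) | | vulnerable |
| util-linux | forky | 2.42.2-1 | fixed |
| util-linux | sid | 2.42.2-1 | fixed |
| util-linux | trixie | | no-dsa |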
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libblkid-devel | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid-devel | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid-devel | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libblkid-devel | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid-devel-static | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid-devel-static | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid-devel-static | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libblkid-devel-static | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid1 | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid1 | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid1 | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libblkid1 | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libblkid1 | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid1-32bit | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid1-32bit | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libblkid1-32bit | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libblkid1-32bit | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libblkid1-32bit | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libfdisk-devel | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libfdisk-devel | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libfdisk-devel | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libfdisk-devel | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libfdisk1 | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libfdisk1 | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libfdisk1 | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libfdisk1 | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libfdisk1 | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount-devel | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount-devel | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount-devel | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libmount-devel | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount1 | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount1 | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount1 | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libmount1 | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libmount1 | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount1-32bit | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount1-32bit | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libmount1-32bit | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libmount1-32bit | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libmount1-32bit | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libsmartcols-devel | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libsmartcols-devel | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libsmartcols-devel | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libsmartcols-devel | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libsmartcols1 | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libsmartcols1 | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libsmartcols1 | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libsmartcols1 | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libsmartcols1 | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid-devel | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid-devel | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid-devel | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libuuid-devel | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid-devel-static | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid-devel-static | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid-devel-static | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libuuid-devel-static | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid1 | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid1 | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid1 | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libuuid1 | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libuuid1 | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid1-32bit | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid1-32bit | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| libuuid1-32bit | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| libuuid1-32bit | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| libuuid1-32bit | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| python-libmount | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| util-linux | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| util-linux | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| util-linux | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-extra | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-extra | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-extra | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-lang | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-lang | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-lang | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| util-linux-lang | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| util-linux-lang | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-systemd | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-systemd | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-systemd | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| util-linux-systemd | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
| util-linux-systemd | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-tty-tools | suse enterprise desktop 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-tty-tools | suse enterprise sap 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| util-linux-tty-tools | suse enterprise server 15 SP7 | 2.40.4-150700.4.13.1 | fixed |
| uuidd | suse enterprise server 12 SP3 | 2.29.2-3.51.1 | fixed |
| uuidd | suse enterprise server 15 SP4 | 2.37.2-150400.8.47.1 | fixed |
Azure Linux Releases

| Azure Package | Release | Version | Status |
|---|---|---|---|
| util-linux | Azure Linux 3.0 | 0:2.40.2-4.azl3 | fixed |