Name: util-linux
CVEs: CVE-2026-53612, CVE-2026-53613, CVE-2026-53614
CVSSs: n/a, n/a, n/a
Action Needed: update to >= 2.41.5 or >= 2.42.2
Summary:
- CVE-2026-53612: mount(8) TOCTOU race on post-mount owner/mode change. The X-mount.owner, X-mount.group, and X-mount.mode options use path-based lchown()/chmod() after mounting. An attacker can swap the target between mount and the ownership/mode change to gain control of arbitrary files.
- CVE-2026-53613: mount(8) TOCTOU race on target path. The SUID mount does not pin the mount target directory, allowing a race between path resolution and the actual mount syscall. A local attacker can swap an ancestor directory component between these steps to redirect a mount to an arbitrary location.
- CVE-2026-53614: mount(8) SUID bypass via LIBMOUNT_FORCE_MOUNT2. The environment variable LIBMOUNT_FORCE_MOUNT2 is not filtered via safe_getenv() in SUID context. A local attacker can force the legacy mount(2) code path, which uses a two-step bind+remount or propagation sequence with a window where security flags (nosuid, noexec, ...) are not yet applied.
refmap.gentoo: https://bugs.gentoo.org/977563
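Added example, not util-linux code and not the upstream fix: a general descriptor-pinning pattern for the path-based owner/mode race described under CVE-2026-53612, where the directory is opened once and fchown()/fchmod() act on that descriptor instead of re-resolving the path. The temp directory layout and the helper names (pin_dir, set_owner_mode_fd, demo_swap_is_harmless) are constructed for this demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pin the directory once; O_NOFOLLOW refuses a symlink as the final component. */
static int pin_dir(const char *path)
{
    return open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Apply owner and mode through the pinned descriptor, never through the path. */
static int set_owner_mode_fd(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    return fchown(fd, uid, gid) ? -1 : fchmod(fd, mode);
}

/* Constructed scenario in a private temp dir. Returns 0 when the decoy is
 * untouched, the pinned directory got the new mode, and re-opening the
 * swapped path is refused. */
int demo_swap_is_harmless(void)
{
    char base[] = "/tmp/pin-demo-XXXXXX", target[64], moved[64], decoy[64];
    struct stat sd, sp;
    int fd, fd2, rc = -1;

    if (!mkdtemp(base)) return -1;
    snprintf(target, sizeof target, "%s/mnt", base);
    snprintf(moved, sizeof moved, "%s/mnt.orig", base);
    snprintf(decoy, sizeof decoy, "%s/decoy", base);
    if (mkdir(target, 0700) || mkdir(decoy, 0700)) return -1;
    if ((fd = pin_dir(target)) < 0) return -1;

    /* The path is replaced after it was resolved: it now names a symlink. */
    if (rename(target, moved) || symlink(decoy, target)) goto out;
    if (set_owner_mode_fd(fd, geteuid(), getegid(), 0750)) goto out;
    if (stat(decoy, &sd) || fstat(fd, &sp)) goto out;
    fd2 = pin_dir(target);               /* expected to fail on the symlink */
    if (fd2 >= 0) close(fd2);
    rc = !((sd.st_mode & 07777) == 0700 && (sp.st_mode & 07777) == 0750 && fd2 < 0);
out:
    close(fd);
    unlink(target); rmdir(moved); rmdir(decoy); rmdir(base);
    return rc;
}

int main(void) { return demo_swap_is_harmless(); }
```

O_NOFOLLOW only covers the final path component; swaps of ancestor directories, as in CVE-2026-53613, need the whole resolution pinned as well.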