CVE-2021-3995

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3995
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3995.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3995
Downstream
Related
Published
2022-08-23T20:15:08.493Z
Modified
2026-04-16T00:03:04.600158626Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "35"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/util-linux/util-linux

Affected ranges

Type
GIT
Repo
https://github.com/util-linux/util-linux
Events
Introduced
d4319b91c9d7d69e7b954fc66819214f81501312
Fixed
331a1e6e10f7943a12112c7161a8c995c1c5b9b9
Fixed
57202f5713afa2af20ffbb6ab5331481d0396f8d
Database specific 
{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "2.34"
        },
        {
            "fixed": "2.37.3"
        }
    ],
    "cpe": "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*"
}

Affected versions

v2.*
v2.34
v2.35
v2.35-rc1
v2.35-rc2
v2.36
v2.36-rc1
v2.36-rc2
v2.37
v2.37-rc1
v2.37-rc2
v2.37.1
v2.37.2

Database specific

vanir_signatures_modified 
"2026-04-12T01:58:36Z"
vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d",
        "signature_version": "v1",
        "id": "CVE-2021-3995-1269fc08",
        "deprecated": false,
        "target": {
            "file": "libmount/src/context_umount.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "81833027147814142702493867864697118814",
                "22792341624995426804440732716874906998",
                "188129392422443153924944788904067990904",
                "289832127756634622752234079428081538359",
                "188233886253345268096733697169544595795",
                "54138356629918355815573150655132355934",
                "324292356523075565319494258265560506588",
                "114881293640818590502704345181145763206",
                "252555775388927122890851343390493895485",
                "9508519970305665832091602711484130055",
                "228804560706147985872816054995110662106",
                "252883063391353887645273737182603475220",
                "44534298722337665907700591885301216326",
                "94670876492226503115421535655832914762",
                "29640391338747571040081614814014233685",
                "103760253877128533039879473059782134202",
                "255531754742027994346867870546517870151",
                "1246224938679420241439038734661924898"
            ]
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d",
        "signature_version": "v1",
        "id": "CVE-2021-3995-2ca3bb48",
        "deprecated": false,
        "target": {
            "file": "libmount/src/mountP.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "272811208154020133914318975517155984077",
                "216228617924098157011331334669078161763",
                "114236596888292634881368870369009595218"
            ]
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2021-3995-74f6c434",
        "source": "https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d",
        "digest": {
            "length": 908.0,
            "function_hash": "109824080416446340833412381312032531836"
        },
        "target": {
            "file": "libmount/src/context_umount.c",
            "function": "is_fuse_usermount"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2021-3995-a6de3fc7",
        "source": "https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d",
        "target": {
            "file": "libmount/src/optstr.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "60879234107707746506513134776949747801",
                "81822503343067849456986118838830635954",
                "318274765580926732049416029184645580805"
            ]
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3995.json"