DEBIAN-CVE-2018-7738

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2018-7738

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-7738.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2018-7738

Upstream

CVE-2018-7738

Published

2018-03-07T02:29:03Z

Modified

2025-09-25T23:23:38.931168Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

References

https://security-tracker.debian.org/tracker/CVE-2018-7738

Affected packages

Debian:11

bash-completion

Package

Name: bash-completion
Purl: pkg:deb/debian/bash-completion?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.11-2

1:2.11-3~exp1

1:2.11-3

1:2.11-4

1:2.11-5

1:2.11-6

1:2.11-7

1:2.11-8

1:2.12.0-1

1:2.13.0-1

1:2.14.0-1

1:2.14.0-2

1:2.16.0-1

1:2.16.0-2

1:2.16.0-3

1:2.16.0-4

1:2.16.0-5

1:2.16.0-6

1:2.16.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

util-linux

Package

Name: util-linux
Purl: pkg:deb/debian/util-linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.31.1-0.5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

bash-completion

Package

Name: bash-completion
Purl: pkg:deb/debian/bash-completion?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.11-6

1:2.11-7

1:2.11-8

1:2.12.0-1

1:2.13.0-1

1:2.14.0-1

1:2.14.0-2

1:2.16.0-1

1:2.16.0-2

1:2.16.0-3

1:2.16.0-4

1:2.16.0-5

1:2.16.0-6

1:2.16.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

util-linux

Package

Name: util-linux
Purl: pkg:deb/debian/util-linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.31.1-0.5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

bash-completion

Package

Name: bash-completion
Purl: pkg:deb/debian/bash-completion?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.16.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

util-linux

Package

Name: util-linux
Purl: pkg:deb/debian/util-linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.31.1-0.5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

bash-completion

Package

Name: bash-completion
Purl: pkg:deb/debian/bash-completion?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.16.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

util-linux

Package

Name: util-linux
Purl: pkg:deb/debian/util-linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.31.1-0.5

Ecosystem specific

{
    "urgency": "not yet assigned"
}