Platform: linux
Component: util-linux
Fixed in: 2.41.5
CVE-2026-27456 identifies a Race Condition vulnerability within the util-linux package, specifically affecting the /usr/bin/mount binary. This flaw allows a local attacker to potentially escalate privileges by exploiting a Time-of-Check-Time-of-Use (TOCTOU) condition. The vulnerability impacts versions prior to 2.41.4 and can be resolved by upgrading to the patched version.
The vulnerability lies in how /usr/bin/mount handles loop device setup. It initially validates the source file path using user privileges, but subsequently re-canonicalizes and opens the file with root privileges without re-verifying the path. This creates a window of opportunity for an attacker to replace the file between the check and the open operations. Successful exploitation could allow an attacker to execute arbitrary code with root privileges, leading to complete system compromise. This is particularly concerning given the widespread use of util-linux across various Linux distributions.
CVE-2026-27456 was publicly disclosed on 2026-04-03. Its EPSS score is currently pending evaluation. No public proof-of-concept (PoC) exploits have been released at the time of writing, but the TOCTOU nature of the vulnerability suggests that exploitation is likely possible. It is not currently listed on the CISA KEV catalog.
Systems running older versions of util-linux, particularly those with shared user accounts or where users have elevated privileges, are at increased risk. Environments utilizing loop devices extensively, such as containerized deployments or virtual machine setups, should prioritize patching.
• linux / server: journalctl -g 'mount' -f | grep -i 'realpath'
• linux / server: auditctl -w /usr/bin/mount -p wa -k mount_race
• linux / server: lsof /usr/bin/mount
EPSS: 0.01% (1st percentile)
The primary mitigation is to upgrade util-linux to version 2.41.4 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. While a WAF is unlikely to be effective here, restricting access to the /usr/bin/mount binary to trusted users can reduce the attack surface. Monitoring system logs for suspicious mount operations, particularly those involving unusual file paths, can also aid in detection. After upgrading, confirm the fix by attempting to trigger the vulnerable mount operation with a modified file path and verifying that the operation fails.
Update the util-linux package to version 2.41.4 or later to fix the TOCTOU vulnerability. This update corrects the faulty validation of the source file path during loop device setup and thereby prevents the execution of arbitrary code as root.
CVE-2026-27456 is a Race Condition vulnerability in util-linux versions before 2.41.4 affecting the /usr/bin/mount binary, allowing potential privilege escalation.
You are affected if you are running util-linux versions prior to 2.41.4. Check your system's util-linux version to determine if you are vulnerable.
Upgrade util-linux to version 2.41.4 or later. If immediate upgrade is not possible, consider temporary workarounds like restricting access to /usr/bin/mount.
There is currently no indication of active exploitation campaigns or publicly available exploits for CVE-2026-27456.
Refer to the official util-linux project website or relevant security mailing lists for the advisory related to CVE-2026-27456.