6.8
CVE-2026-13595
- EPSS 0.11%
- Veröffentlicht 29.06.2026 08:06:09
- Zuletzt bearbeitet 08.07.2026 03:37:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Util-linux: util-linux: heap use-after-free in libblkid nested partition probing
A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Hardened Images Version-
Redhat ≫ Openshift Container Platform Version >= 4.0 <= 4.22.1
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
Kernel ≫ Util-linux Version < 2.42.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.016 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1 | 4.2 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
|
| secalert@redhat.com | 6.8 | 2.5 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://bugzilla.redhat.com/show_bug.cgi?id=2494101
https://github.com/util-linux/util-linux/commit/c0186f14fbdb02f64c8e0ba701ce727ea764ff4c
https://access.redhat.com/errata/RHSA-2026:26573
https://access.redhat.com/security/cve/CVE-2026-13595