ALPINE-CVE-2021-3996

ALPINE-CVE-2021-3996 PUBLISHED CVSS 5.5 MEDIUM

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.19	util-linux	2.36.2-r0, 2.37.2-r7, 2.37.2-r6
Alpine:v3.21	util-linux	2.19.1-r0, 2.34-r1, 2.35-r0
Alpine:v3.15	util-linux	2.36-r2, 2.36.2-r0, 2.36.2-r1
Alpine:v3.16	util-linux	2.36-r2, 2.19.1-r0, 2.14.2-r0
Alpine:v3.20	util-linux	2.35.1-r0, 2.16-r2, 2.24.2-r0
Alpine:v3.23	util-linux	2.24.2-r1, 0, 2.14.1-r1
Alpine:v3.12	util-linux	2.14.1-r0, 2.35.2-r0, 2.35.1-r4
Alpine:v3.14	util-linux	2.16.2-r0, 0, 2.14.1-r0
Alpine:v3.18	util-linux	2.31-r0, 2.32-r0, 2.33-r0
Alpine:v3.22	util-linux	2.37.2-r7, 0, 2.14.1-r0
Alpine:v3.17	util-linux	2.14.1-r1, 2.24.2-r1, 2.24.2-r2
Alpine:v3.13	util-linux	2.36.1-r1, 2.36.1-r0, 2.36-r2

Timeline

Aug 23, 2022 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2021-3996 advisory

Open in Interactive Console →