From: Peter Korsgaard <peter@korsgaard.com>
To: Giulio Benetti <giulio.benetti@benettiengineering.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/util-linux: security bump to 2.41.5
Date: Thu, 18 Jun 2026 21:38:46 +0200 [thread overview]
Message-ID: <87zf0rd4ft.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20260618075411.969878-1-giulio.benetti@benettiengineering.com> (Giulio Benetti's message of "Thu, 18 Jun 2026 09:54:11 +0200")
>>>>> "Giulio" == Giulio Benetti <giulio.benetti@benettiengineering.com> writes:
> Security fixes:
> CVE-2026-53613 - mount(8) TOCTOU race on target path.
> The SUID mount does not pin the mount target directory, allowing a
> race between path resolution and the actual mount syscall. A local
> attacker can swap an ancestor directory component between these
> steps to redirect a mount to an arbitrary location.
> Reported-by: Xinyao Hu
> CVE-2026-53612 - mount(8) TOCTOU race on post-mount owner/mode change.
> The X-mount.owner, X-mount.group, and X-mount.mode options use
> path-based lchown()/chmod() after mounting. An attacker can swap
> the target between mount and the ownership/mode change to gain
> control of arbitrary files.
> Reported-by: Xinyao Hu
> CVE-2026-53614 - mount(8) SUID bypass via LIBMOUNT_FORCE_MOUNT2.
> The environment variable LIBMOUNT_FORCE_MOUNT2 is not filtered
> via safe_getenv() in SUID context. A local attacker can force
> the legacy mount(2) code path, which uses a two-step bind+remount
> or propagation sequence with a window where security flags (nosuid,
> noexec, ...) are not yet applied.
> Reported-by: Xinyao Hu
> Full release notes: https://www.kernel.org/pub/linux/utils/util-linux/v2.41/v2.41.5-ReleaseNotes
> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2026-06-18 19:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-18 7:54 [Buildroot] [PATCH] package/util-linux: security bump to 2.41.5 Giulio Benetti
2026-06-18 19:38 ` Peter Korsgaard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zf0rd4ft.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
--cc=giulio.benetti@benettiengineering.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.