{"id":"UBUNTU-CVE-2018-7738","details":"In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.","modified":"2026-04-22T13:21:20.155256Z","published":"2018-03-07T02:29:00Z","related":["USN-4512-1"],"upstream":["CVE-2018-7738"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7738"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4512-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-7738"}],"affected":[{"package":{"name":"util-linux","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/util-linux@2.31.1-0.4ubuntu3.7?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.31.1-0.4ubuntu3.7"}]}],"versions":["2.30.1-0ubuntu4","2.30.2-0.1ubuntu1","2.30.2-0.1ubuntu2","2.30.2-0.1ubuntu3","2.31.1-0.4ubuntu2","2.31.1-0.4ubuntu3","2.31.1-0.4ubuntu3.1","2.31.1-0.4ubuntu3.2","2.31.1-0.4ubuntu3.3","2.31.1-0.4ubuntu3.4","2.31.1-0.4ubuntu3.5","2.31.1-0.4ubuntu3.6"],"ecosystem_specific":{"binaries":[{"binary_name":"bsdutils","binary_version":"1:2.31.1-0.4ubuntu3.7"},{"binary_name":"fdisk","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libblkid1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libfdisk1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libmount1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libsmartcols1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libuuid1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"mount","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"rfkill","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"setpriv","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"util-linux","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"util-linux-locales","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"uuid-runtime","binary_version":"2.31.1-0.4ubuntu3.7"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-7738.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]}