{"id":"USN-4512-1","summary":"util-linux vulnerability","details":"It was discovered that the umount bash completion script shipped in\nutil-linux incorrectly handled certain mountpoints. If a local attacker\nwere able to create arbitrary mountpoints, another user could be tricked\ninto executing arbitrary code when attempting to run the umount command\nwith bash completion.\n","modified":"2026-04-22T10:18:06.811842Z","published":"2020-09-17T11:31:17Z","related":["UBUNTU-CVE-2018-7738"],"upstream":["CVE-2018-7738","UBUNTU-CVE-2018-7738"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4512-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7738"}],"affected":[{"package":{"name":"util-linux","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/util-linux@2.31.1-0.4ubuntu3.7?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.31.1-0.4ubuntu3.7"}]}],"versions":["2.30.1-0ubuntu4","2.30.2-0.1ubuntu1","2.30.2-0.1ubuntu2","2.30.2-0.1ubuntu3","2.31.1-0.4ubuntu2","2.31.1-0.4ubuntu3","2.31.1-0.4ubuntu3.1","2.31.1-0.4ubuntu3.2","2.31.1-0.4ubuntu3.3","2.31.1-0.4ubuntu3.4","2.31.1-0.4ubuntu3.5","2.31.1-0.4ubuntu3.6"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"bsdutils","binary_version":"1:2.31.1-0.4ubuntu3.7"},{"binary_name":"fdisk","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libblkid1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libfdisk1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libmount1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libsmartcols1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"libuuid1","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"mount","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"rfkill","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"setpriv","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"util-linux","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"util-linux-locales","binary_version":"2.31.1-0.4ubuntu3.7"},{"binary_name":"uuid-runtime","binary_version":"2.31.1-0.4ubuntu3.7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4512-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}],"id":"CVE-2018-7738"}]}}}],"schema_version":"1.7.5"}