Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 43 util-linux Important SUID Symlink Attack CVE-2026-27456

fedora
Calendar Grey April 10, 2026
Dist Fedora Esm H88
Fixes security flaws in util-linux for Fedora 43, addressing symlink attacks and integer overflow issues.
upstream update, fixes security-related bugs CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device

Summary

The util-linux package contains a large variety of low-level system

utilities that are necessary for a Linux system to function. Among

others, util-linux contains the fdisk configuration tool and the login

program.

Update Information:

upstream update, fixes security-related bugs CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device. The SUID mount follows symlinks when resolving loop backing file paths. On systems where non-root users are permitted to mount loop devices (via 'user' option in fstab), this allows access to arbitrary files. CWE-190 - Integer overflow in libblkid parse_dos_extended(). A crafted MBR disk image can cause uint32_t wraparound in EBR chain processing, causing reported partitions to not match the on-disk layout. Tools like udisks may then register a partition at logical sector 0.

Topics%20covered

Topics Covered

security advisory fedora important symlink SUID mount

Change Log

* Wed Apr 1 2026 Karel Zak - 2.41.4-7 - upgrade to upstream release v2.41.4 * Mon Jan 12 2026 Karel Zak - 2.41.3-9 - enable BuildRequires for parsers * Mon Jan 12 2026 Karel Zak - 2.41.3-8 - fix built on new gcc (bison based code and libblkid API)

References

Fedora Update Notification FEDORA-2026-840b40ef4c 2026-04-10 00:59:15.834457+00:00 Name : util-linux Product : Fedora 43 Version : 2.41.4 Release : 7.fc43 URL : https://en.wikipedia.org/wiki/Util-linux Summary : Collection of basic system utilities Description : The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-840b40ef4c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: util-linux
Product: Fedora 43
Version: 2.41.4
Release: 7.fc43
URL: https://en.wikipedia.org/wiki/Util-linux
Summary: Collection of basic system utilities

Topics%20covered

Topics Covered

security advisory fedora important symlink SUID mount

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here