{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/util-linux/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["util-linux","denial-of-service","information-disclosure","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists within the util-linux package that can be exploited by a local attacker. While specific details regarding the vulnerable component or version are not provided in the advisory, successful exploitation can lead to a denial-of-service (DoS) condition and the disclosure of sensitive information. The impact is limited to systems where the attacker has local access, but successful exploitation could disrupt services and expose sensitive data to unauthorized users. Defenders should prioritize identifying and mitigating this vulnerability to prevent potential disruptions and data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to a Linux system running a vulnerable version of util-linux.\u003c/li\u003e\n\u003cli\u003eAttacker identifies a vulnerable utility within the util-linux package. (Specific utility name not provided).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious input or command designed to trigger the vulnerability.\u003c/li\u003e\n\u003cli\u003eAttacker executes the malicious input/command using the vulnerable utility.\u003c/li\u003e\n\u003cli\u003eThe vulnerability causes the targeted utility to crash or enter a non-responsive state, contributing to a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eThe vulnerability allows the attacker to read sensitive information from the system\u0026rsquo;s memory or file system.\u003c/li\u003e\n\u003cli\u003eAttacker exfiltrates the disclosed information.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the disclosed information for further malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a local attacker to trigger a denial-of-service condition, potentially disrupting critical system services. The attacker can also disclose sensitive information, leading to potential data breaches or further compromise of the system. The number of affected systems is unknown but depends on the prevalence of the vulnerable util-linux version.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigate the specific vulnerable utility and version within util-linux to determine the scope of impact using OS package management tools (\u003ccode\u003edpkg\u003c/code\u003e, \u003ccode\u003erpm\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor process execution for unusual command-line arguments or behaviors associated with util-linux utilities using \u003ccode\u003eprocess_creation\u003c/code\u003e logs.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM and tune them for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T08:08:57Z","date_published":"2026-04-22T08:08:57Z","id":"/briefs/2024-04-util-linux-dos-info-disclosure/","summary":"A local attacker can exploit a vulnerability in util-linux to perform a denial of service attack and disclose sensitive information.","title":"util-linux Vulnerability Allows DoS and Information Disclosure","url":"https://feed.craftedsignal.io/briefs/2024-04-util-linux-dos-info-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed — Util-Linux","version":"https://jsonfeed.org/version/1.1"}