Description
A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.
Published: 2026-06-29
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw exists in the libblkid library of util-linux, where nested partition probing can cache a raw pointer to a parent partition entry in a temporary array. If the array is reallocated due to additional partitions, the pointer becomes stale and a heap use‑after‑free read occurs. This vulnerability is a CWE‑416 issue. The potential impact includes limited disclosure of data residing in memory and the possibility of a denial of service by causing libblkid to crash. The flaw can be triggered automatically without user interaction whenever a block device is hot‑plugged, as udev/udisks invoke libblkid as root during such events.

Affected Systems

Affected products are various Red Hat offerings, including Red Hat Enterprise Linux 7, 8, 9, 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4. The vulnerable component is the util‑linux libblkid library used by udev/udisks in these distributions.

Risk and Exploitability

The CVSS score of 6.8 indicates a medium‑to‑high severity. The EPSS score is not available, so the likelihood of exploitation cannot be quantified at this time, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need the ability to present a crafted block device image—such as inserting a USB drive or mounting a malicious loop image—to trigger the flaw, which is typically executed with root privileges by automatic system services.

Generated by OpenCVE AI on June 29, 2026 at 09:21 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Apply the latest Red Hat security updates for util‑linux when released.
  • Ensure that only trusted users can provide block devices or limit udev hot‑plug events if feasible.
  • Monitor udev and system logs for unexpected partition probe failures or crashes that may indicate exploitation attempts.

Generated by OpenCVE AI on June 29, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
References

Mon, 29 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux util-linux
Redhat hardened Images
Redhat openshift Container Platform
Vendors & Products Linux
Linux util-linux
Redhat hardened Images
Redhat openshift Container Platform

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.
Title Util-linux: util-linux: heap use-after-free in libblkid nested partition probing
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Weaknesses CWE-416
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}


Subscriptions

Linux Util-linux
Redhat Enterprise Linux Hardened Images Hummingbird Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T02:14:09.471Z

Reserved: 2026-06-29T07:20:52.583Z

Link: CVE-2026-13595

cve-icon Vulnrichment

Updated: 2026-06-29T13:50:21.428Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T20:05:30Z

Weaknesses