CVE-2018-7738

Name: CVE-2018-7738
Creator: NVD / NIST
Published: 2018-03-07T02:29:03.533+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.46%

Last modified Jun 17, 2026

CVE-2018-7738 is a vulnerability of currently unknown severity. In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

Metrics

EPSS Probability

0.46%

36.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Kernel	Util-Linux	<= 2.31

References

http://www.securityfocus.com/bid/103367Third Party Advisory, VDB Entry
https://bugs.debian.org/892179Patch, Third Party Advisory
https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55Patch, Third Party Advisory
https://github.com/karelzak/util-linux/issues/539Issue Tracking, Third Party Advisory
https://usn.ubuntu.com/4512-1/
https://www.debian.org/security/2018/dsa-4134Third Party Advisory
http://www.securityfocus.com/bid/103367Third Party Advisory, VDB Entry
https://bugs.debian.org/892179Patch, Third Party Advisory
https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55Patch, Third Party Advisory
https://github.com/karelzak/util-linux/issues/539Issue Tracking, Third Party Advisory
https://security.netapp.com/advisory/ntap-20241213-0002/
https://usn.ubuntu.com/4512-1/
https://www.debian.org/security/2018/dsa-4134Third Party Advisory

Timeline

Published: Mar 7, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-7738?

How severe is CVE-2018-7738?

Severity scoring for CVE-2018-7738 is pending analysis. The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2018-7738?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7738?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST