CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.
Configurations

Configuration 1

cpe:2.3:a:deepin:deepin-clone:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Information

Published : 2019-07-04 12:15

Updated : 2022-04-18 04:56


NVD link : CVE-2019-13226

Mitre link : CVE-2019-13226

Products Affected
No products.