
CVE-2026-13595

CVSS 6.8 MEDIUM · EPSS 3.1% · CWE-416 · OTX 5 pulses

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on b...

Published 2026-06-29 · last modified 2026-06-30

details

CISA KEV status: Not in catalog
CVSS v3: 6.8 / MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS: 3.1% percentile (score 0.0013)
CWE: CWE-416
OTX pulses: 5 total, 0 recent

source mentions 5

source consensus

  • Bluesky
  • MSRC Update Guide