UBUNTU-CVE-2026-13595

Source
https://ubuntu.com/security/CVE-2026-13595
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-13595
Upstream
Published
2026-06-29T09:16:00Z
Modified
2026-07-01T21:19:39Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.

References

Affected packages

Ubuntu:14.04:LTS
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.20.1-5.1ubuntu9
2.20.1-5.1ubuntu10
2.20.1-5.1ubuntu11
2.20.1-5.1ubuntu12
2.20.1-5.1ubuntu13
2.20.1-5.1ubuntu14
2.20.1-5.1ubuntu15
2.20.1-5.1ubuntu16
2.20.1-5.1ubuntu17
2.20.1-5.1ubuntu18
2.20.1-5.1ubuntu19
2.20.1-5.1ubuntu20
2.20.1-5.1ubuntu20.1
2.20.1-5.1ubuntu20.2
2.20.1-5.1ubuntu20.3
2.20.1-5.1ubuntu20.4
2.20.1-5.1ubuntu20.6
2.20.1-5.1ubuntu20.7
2.20.1-5.1ubuntu20.9

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.20.1-5.1ubuntu20.9"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.20.1-5.1ubuntu20.9"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.20.1-5.1ubuntu20.9"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.20.1-5.1ubuntu20.9"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.20.1-5.1ubuntu20.9"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.20.1-5.1ubuntu20.9"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.20.1-5.1ubuntu20.9"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.20.1-5.1ubuntu20.9"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"
Ubuntu:18.04:LTS
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.30.1-0ubuntu4
2.30.2-0.1ubuntu1
2.30.2-0.1ubuntu2
2.30.2-0.1ubuntu3
2.31.1-0.4ubuntu2
2.31.1-0.4ubuntu3
2.31.1-0.4ubuntu3.1
2.31.1-0.4ubuntu3.2
2.31.1-0.4ubuntu3.3
2.31.1-0.4ubuntu3.4
2.31.1-0.4ubuntu3.5
2.31.1-0.4ubuntu3.6
2.31.1-0.4ubuntu3.7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "fdisk",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "libfdisk1",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "libsmartcols1",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "rfkill",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "setpriv",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.31.1-0.4ubuntu3.7"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"
Ubuntu:22.04:LTS
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.36.1-8ubuntu1
2.37.2-4ubuntu1
2.37.2-4ubuntu2
2.37.2-4ubuntu3
2.37.2-4ubuntu3.3
2.37.2-4ubuntu3.4
2.37.2-4ubuntu3.5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdextrautils",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "eject",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "fdisk",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "libfdisk1",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "libsmartcols1",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "rfkill",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.37.2-4ubuntu3.5"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.37.2-4ubuntu3.5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"
Ubuntu:24.04:LTS
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.39.1-4ubuntu2
2.39.2-6ubuntu1
2.39.3-6ubuntu2
2.39.3-9ubuntu2
2.39.3-9ubuntu4
2.39.3-9ubuntu6
2.39.3-9ubuntu6.1
2.39.3-9ubuntu6.2
2.39.3-9ubuntu6.3
2.39.3-9ubuntu6.4
2.39.3-9ubuntu6.5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdextrautils",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "eject",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "fdisk",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "libfdisk1",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "libsmartcols1",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "rfkill",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "util-linux-extra",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.39.3-9ubuntu6.5"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.39.3-9ubuntu6.5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"
Ubuntu:25.10
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.40.2-14ubuntu1
2.41-4ubuntu2
2.41-4ubuntu3
2.41-4ubuntu4
2.41-4ubuntu4.1
2.41-4ubuntu4.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdextrautils",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.41-4ubuntu4.2"
        },
        {
            "binary_name": "eject",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "fdisk",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "lastlog2",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "libfdisk1",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "liblastlog2-2",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "libpam-lastlog2",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "libsmartcols1",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "login",
            "binary_version": "1:4.16.0-2+really2.41-4ubuntu4.2"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "rfkill",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "util-linux-extra",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.41-4ubuntu4.2"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.41-4ubuntu4.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"
Ubuntu:26.04:LTS
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.41-4ubuntu4
2.41.2-4ubuntu1
2.41.2-4ubuntu2
2.41.2-4ubuntu3
2.41.3-3ubuntu1
2.41.3-3ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdextrautils",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.41.3-3ubuntu2"
        },
        {
            "binary_name": "eject",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "fdisk",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "lastlog2",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "libfdisk1",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "liblastlog2-2",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "libpam-lastlog2",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "libsmartcols1",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "login",
            "binary_version": "1:4.16.0-2+really2.41.3-3ubuntu2"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "rfkill",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "util-linux-extra",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.41.3-3ubuntu2"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.41.3-3ubuntu2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"
Ubuntu:Pro:16.04:LTS
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.26.2-6ubuntu3
2.27-3ubuntu1
2.27.1-1ubuntu2
2.27.1-1ubuntu3
2.27.1-1ubuntu4
2.27.1-3ubuntu1
2.27.1-4ubuntu1
2.27.1-6ubuntu1
2.27.1-6ubuntu2
2.27.1-6ubuntu3
2.27.1-6ubuntu3.1
2.27.1-6ubuntu3.2
2.27.1-6ubuntu3.3
2.27.1-6ubuntu3.4
2.27.1-6ubuntu3.6
2.27.1-6ubuntu3.7
2.27.1-6ubuntu3.8
2.27.1-6ubuntu3.9
2.27.1-6ubuntu3.10
2.27.1-6ubuntu3.10+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "libfdisk1",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "libsmartcols1",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.27.1-6ubuntu3.10+esm2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"
Ubuntu:Pro:20.04:LTS
util-linux

Package

Name
util-linux
Purl
pkg:deb/ubuntu/util-linux?arch=source&distro=esm-infra%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.34-0.1ubuntu2
2.34-0.1ubuntu4
2.34-0.1ubuntu5
2.34-0.1ubuntu6
2.34-0.1ubuntu7
2.34-0.1ubuntu8
2.34-0.1ubuntu9
2.34-0.1ubuntu9.1
2.34-0.1ubuntu9.3
2.34-0.1ubuntu9.4
2.34-0.1ubuntu9.5
2.34-0.1ubuntu9.6
2.34-0.1ubuntu9.6+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "bsdutils",
            "binary_version": "1:2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "fdisk",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "libblkid1",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "libfdisk1",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "libmount1",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "libsmartcols1",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "libuuid1",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "mount",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "rfkill",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "util-linux",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "util-linux-locales",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        },
        {
            "binary_name": "uuid-runtime",
            "binary_version": "2.34-0.1ubuntu9.6+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-13595.json"