Wind River Support Network


LIN7-3881 : Security Advisory - fuse - CVE-2015-3202

Created: May 27, 2015    Updated: Sep 8, 2018
Resolved Date: Jun 3, 2015
Previous ID: LIN4-32653
Found In Version:
Fix Version:
Severity: Severe
Applicable for: Wind River Linux 7
Component/s: Userspace


A vulnerability has been discovered in the FUSE subsystem on Linux. It allows a malicious person having an unprivileged account on a vulnerable system to take the full control of this system.

Technical context :
FUSE (Filesystem in Userspace) is an optional subsystem of the Linux kernel that allows handling new filesystems without the need to modify the kernel sources. As it is executed in userspace, unprivileged user can directly use FUSE to mount filesystems.

Technical information :
FUSE incorrectly filtered environment variables before executing mount or umount with elevated privileges. This allows a local attacker to gain administrative privileges.

Steps to Reproduce

The link below has the steps to reproduce the problem:

Other Downloads


Live chat