CVE-2026-13595: Use After Free in Red Hat Red Hat Hardened Images
A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.
AI Analysis
Technical Summary
CVE-2026-13595 is a heap use-after-free vulnerability in the libblkid library of util-linux on Red Hat Enterprise Linux 10. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers store a raw pointer to a parent partition entry in a dynamically allocated array. When the array is reallocated due to subsequent partition additions, the cached pointer becomes stale, causing a use-after-free read. Because libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events, an attacker can trigger this vulnerability by presenting a crafted block device image (e.g., via USB insertion or loop-mounted disk image) without requiring user interaction. The vulnerability can lead to limited information disclosure or denial of service.
Potential Impact
An attacker capable of presenting a crafted block device image can trigger a heap use-after-free read in libblkid, potentially causing limited information disclosure or denial of service on affected Red Hat Enterprise Linux 10 systems. The vulnerability is exploitable without user interaction and runs with root privileges due to automatic invocation by udev/udisks on block-device hot-plug events.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-13595 for current remediation guidance. Until an official fix is available, consider restricting untrusted block device insertions or disabling automatic probing of block devices if feasible. Monitor the vendor advisory for updates on patches or workarounds.
CVE-2026-13595: Use After Free in Red Hat Red Hat Hardened Images
Description
A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.
CVSS v3.1
Score 6.8medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-13595 is a heap use-after-free vulnerability in the libblkid library of util-linux on Red Hat Enterprise Linux 10. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers store a raw pointer to a parent partition entry in a dynamically allocated array. When the array is reallocated due to subsequent partition additions, the cached pointer becomes stale, causing a use-after-free read. Because libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events, an attacker can trigger this vulnerability by presenting a crafted block device image (e.g., via USB insertion or loop-mounted disk image) without requiring user interaction. The vulnerability can lead to limited information disclosure or denial of service.
Potential Impact
An attacker capable of presenting a crafted block device image can trigger a heap use-after-free read in libblkid, potentially causing limited information disclosure or denial of service on affected Red Hat Enterprise Linux 10 systems. The vulnerability is exploitable without user interaction and runs with root privileges due to automatic invocation by udev/udisks on block-device hot-plug events.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-13595 for current remediation guidance. Until an official fix is available, consider restricting untrusted block device insertions or disabling automatic probing of block devices if feasible. Monitor the vendor advisory for updates on patches or workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-29T07:20:52.583Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-13595","vendor":"Red Hat"}]
Threat ID: 6a42322327e9c797198a5a57
Added to database: 06/29/2026, 08:51:47 UTC
Last enriched: 06/29/2026, 09:07:07 UTC
Last updated: 06/30/2026, 03:07:40 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.