Upstream util-linux fix for CVE-2026-27456 modifies source code that
is not used in loop-AES patched version of util-linux. CVE-2026-27456
fix for loop-AES patched version needs following additional patch
applied. In newer versions of util-linux, the source code that needs
to be modified is in libmount/src/hook_loopdev1.c file. In older
versions of util-linux, the source code that needs to be modified is
in libmount/src/context_loopdev1.c file. This patch works only for
libmount enabled builds, so this patch does not work for really old
versions of util-linux. loop-AES-v3.8i and newer loop-AES releases
will include this fix.

Patch instructions for NEWER versions of util-linux:

    cat THIS_FILE | patch -p1

Patch instructions for OLDER versions of util-linux:

    cat THIS_FILE | sed -e s/hook_/context_/ | patch -p1

Jari Ruusu, April 4 2026



--- ./libmount/src/hook_loopdev1.c.OLD
+++ ./libmount/src/hook_loopdev1.c
@@ -1155,7 +1155,7 @@
 		/* Looks like no "loop" option at all. Add one so it gets cleaned up by umount */
 		mnt_optstr_append_option(&cxt->fs->user_optstr, "loop", NULL);
 	}
-	if((backing_fi_fd = open(pi.loopFileName, mode)) < 0) {
+	if((backing_fi_fd = open(pi.loopFileName, (mnt_context_is_restricted(cxt) ? O_NOFOLLOW : 0) | mode)) < 0) {
 		DBG(CXT, ul_debugobj(cxt, "can't open backing device/file"));
 		myErrno = ENODEV;
 		rc = -MNT_ERR_LOOPDEV;