CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-79rc-qpw3-jv92: Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue

lowCVSS 3.4
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9hw-mj3w-phcq. This link is maintained to preserve external references. Original Description The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
low — CVSS 3.4
Published
2026-04-22
Last updated
2026-07-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-79rc-qpw3-jv92

More from GitHub Security Advisories