Tag
high
threat
mkfifo: permissions of an existing file are changed after FIFO creation fails
3 TTPs 1 CVEA vulnerability (CVE-2026-35341) exists in the `uu_mkfifo` utility of `uutils coreutils`, affecting versions prior to 0.6.0. When `mkfifo()` fails because the target file already exists, the utility incorrectly proceeds to modify the permissions of the pre-existing file to `0644`. This can inadvertently relax permissions on sensitive owner-only files, such as SSH private keys, making them accessible to other users on the system and potentially enabling unauthorized access or information disclosure. The issue has been patched in PR #10376.
exploited
uu_mkfifo +1
vulnerability
linux
coreutils
permissions
information-disclosure
privilege-escalation
3t
1c
medium
advisory
CVE-2026-45932 bpf: Fix tcx/netkit Detach Permissions
2 rules 1 CVECVE-2026-45932 is a vulnerability affecting the bpf component, related to tcx/netkit detach permissions when the prog fd isn't given, requiring a security update from Microsoft.
cve
bpf
permissions
microsoft
2r
1c