Lucene search
+L

66 matches found

euvd
euvd
added 2026/07/06 9:54 p.m.7 views

EUVD-2026-25004

mknod: Device nodes created mislabeled on SELinux, with broken cleanup removedir on a node...

4.4CVSS5.9AI score0.00142EPSS
Exploits1References5
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posixaclcreate When reviewing another nfs xfstests report, I found that errors related to acl and defaultACL in nfs3proccreate and nfs3procmknod might be leaked. These issues need to be...

5.5CVSS5.9AI score0.00259EPSS
Exploits0References2
osv
osv
added 2026/04/22 6:31 p.m.5 views

GHSA-67HP-F6HQ-2H6G Duplicate Advisory: uutils coreutils Uses Incorrectly-Resolved Name or Reference

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8vrf-r662-2w2v. This link is maintained to preserve external references. Original Description The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block devic...

4.4CVSS5.9AI score0.00177EPSS
Exploits1References6
osv
osv
added 2026/04/22 6:31 p.m.6 views

GHSA-79RC-QPW3-JV92 Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9hw-mj3w-phcq. This link is maintained to preserve external references. Original Description The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before...

3.4CVSS5.9AI score0.00142EPSS
Exploits1References5
github
github
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9hw-mj3w-phcq. This link is maintained to preserve external references. Original Description The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before...

4.4CVSS5.9AI score0.00142EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2026/04/22 5:16 p.m.14 views

CVE-2026-35361

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

4.4CVSS0.00142EPSS
Exploits1References2
nvd
nvd
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35358

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

5.5CVSS0.00177EPSS
Exploits1References3
osv
osv
added 2026/04/22 5:16 p.m.21 views

UBUNTU-CVE-2026-35361

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

4.4CVSS5.8AI score0.00142EPSS
Exploits1References3
ubuntucve
ubuntucve
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35361

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

4.4CVSS5.8AI score0.00142EPSS
Exploits1References2
cve
cve
added 2026/04/22 4:8 p.m.16 views

CVE-2026-35361

The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...

4.4CVSS5.8AI score0.00142EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/04/22 4:8 p.m.5 views

CVE-2026-35361

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

3.4CVSS5.8AI score0.00142EPSS
Exploits1References3
debiancve
debiancve
added 2026/04/22 4:8 p.m.3 views

CVE-2026-35361

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

4.4CVSS5.3AI score0.00142EPSS
Exploits1
osv
osv
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

3.4CVSS5.9AI score0.00142EPSS
Exploits1References6
euvd
euvd
added 2026/04/22 3:31 p.m.8 views

EUVD-2026-24784

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails in this example, because the file system disabled th...

5.7AI score0.00443EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/04/22 1:53 p.m.6 views

CVE-2026-31448

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails in this example, because the file system disabled th...

5.7AI score0.00443EPSS
Exploits0References7Affected Software1
cve
cve
added 2026/04/22 1:53 p.m.42 views

CVE-2026-31448

CVE-2026-31448 concerns the Linux kernel ext4 filesystem. The issue arises on mkdir/mknod when an extent insertion fails and ext4_ext_map_blocks() reclaims blocks without removing corresponding data from the extent tree, allowing the same physical block to be referenced by both directory and xatt...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References8Affected Software1
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.10 views

PT-2026-34497

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The mknod utility fails to handle security labels atomically because it creates device nodes before setting the SELinux context. If the labeling process fails, the utility attempts...

4.4CVSS5.9AI score0.00142EPSS
Exploits1References14
nessus
nessus
added 2026/04/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-35361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails,...

4.4CVSS5.8AI score0.00142EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/04/22 12:0 a.m.10 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability arises from the process of creating device nodes using mknod and setting SELinux contexts. As a result, nodes with incorrect markings may b...

4.4CVSS5.8AI score0.00142EPSS
Exploits1References1
nessus
nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : busybox-1.15.1-20.AXS4 (AXSA:2014-023:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-023:01 advisory. Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be very useful for recovering fro...

7.2CVSS5.6AI score0.00623EPSS
Exploits5References2
Rows per page
Query Builder