CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVE-2026-35375

CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...

CVE-2026-35374

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

CVE-2026-35374 uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

CVE-2026-35374

The CVE concerns the split utility of uutils coreutils, where a TOCTOU race exists between a path-based check and subsequent opening with truncation. An attacker with directory write access can swap path components (e.g., via a symlink) during the race, causing split to truncate and write to an u...

CVE-2026-35374 uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

EUVD-2026-24795

In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walkpudrange can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...

CVE-2026-31456

In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walkpudrange can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...

CVE-2026-31456 mm/pagewalk: fix race between concurrent split and refault

In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walkpudrange can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...

CVE-2026-31456

CVE-2026-31456 affects the Linux kernel mm/pagewalk: a race between concurrent splitting of a PUD entry in walk_pud_range() and a refault can cause a PMD range to disappear, triggering a kernel BUG during certain NUMA reads with VFIO-PCI DMA setup. The fix validates the PUD entry with a stable sn...

Linux Distros Unpatched Vulnerability : CVE-2026-35377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GN...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability, which stems from a race condition in split. This condition may allow local attackers to manipulate variable path components, causing split to truncate and...

Linux Distros Unpatched Vulnerability : CVE-2026-35375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The...

PT-2026-34513

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of and '. However, the uutils implementation incorrectl...

PT-2026-34361

In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk pud range can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared...

PT-2026-34510

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

PT-2026-34511

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to string lossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from a split logic error. When non-UTF-8-prefixed or -suffixed inputs are provided, the output file name may be corrupted, potentially causing fil...

Linux Distros Unpatched Vulnerability : CVE-2026-35374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for...

CVE-2026-40880

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...