CVE-2026-35344
Silent Data Corruption via Error Suppression in uutils dd Utility
Publication date: 2026-04-22
Last updated on: 2026-05-04
Assigner: Canonical Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uutils | coreutils | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-252 | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the dd utility of uutils coreutils, where it suppresses errors during file truncation by always calling Result::ok() on truncation attempts.
While this behavior was intended to mimic GNU's handling of special files like /dev/null, it also hides failures on regular files and directories caused by issues such as full disks or read-only file systems.
As a result, the utility may report a successful operation even when the truncation actually failed, potentially leading to silent data corruption where old or garbage data remains in the destination file.
How can this vulnerability impact me?
This vulnerability can lead to silent data corruption, especially in backup or migration scripts that rely on the dd utility to truncate files.
Because errors during truncation are suppressed, the utility may falsely indicate success, causing the destination file to retain old or invalid data without alerting the user.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can lead to silent data corruption during file truncation operations, which may cause backup or migration scripts to report success even when the destination files contain old or incorrect data.
Such silent data corruption could impact compliance with standards and regulations like GDPR and HIPAA, which require data integrity and accuracy to protect personal and sensitive information.
If backups or data migrations are corrupted without detection, organizations might fail to maintain accurate records or restore data correctly, potentially violating data protection and integrity requirements.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the behavior of the `dd` utility when performing file truncation operations, especially on full disks or read-only file systems. Since `dd` exits with code 0 even when truncation fails, checking the exit status alone is insufficient.
To detect the issue, you can manually verify the integrity of the output files after running `dd` commands, ensuring that the files have been properly truncated or overwritten.
- Run `dd` commands and then check the file size and contents with `ls -l <file>` and `hexdump -C <file>` or `cmp` against the expected data.
- Check the exit status of `dd` with `echo $?`, but be aware that it may report success even when truncation failed.
- Use filesystem monitoring tools to detect disk full or read-only conditions that could cause truncation failures.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding reliance on the `dd` utility from uutils coreutils for critical backup or migration scripts until a fix is applied.
Instead, use alternative tools or the GNU coreutils version of `dd` which correctly reports truncation errors.
Additionally, implement checks to verify the integrity and correctness of output files after `dd` operations, such as comparing file sizes and contents.
Monitor disk space and filesystem status to prevent running `dd` on full or read-only filesystems.
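
A post-copy check of the kind described above, written as an added example (not code from uutils or from this advisory). The names `verify_copy`, `dd_verified` and `demo_stale_tail` are hypothetical, and the demo uses `conv=notrunc` on constructed files to reproduce the state a silently failed truncation leaves behind: new data at the start, the old tail still present.

```shell
#!/bin/sh
# Added example: verify dd output instead of trusting its exit status.
# All function names here are hypothetical, not part of any coreutils.

file_size() { wc -c < "$1" | tr -d ' '; }

# verify_copy SRC DST
# 0 = identical, 1 = unreadable, 2 = size mismatch, 3 = content mismatch.
verify_copy() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    src_size=$(file_size "$1")
    dst_size=$(file_size "$2")
    if [ "$src_size" -ne "$dst_size" ]; then
        echo "verify_copy: $2 is $dst_size bytes, expected $src_size" >&2
        return 2
    fi
    if ! cmp -s "$1" "$2"; then
        echo "verify_copy: $2 differs from $1" >&2
        return 3
    fi
    return 0
}

# dd_verified SRC DST
# Runs dd, then reports success only if the destination verifies.
dd_verified() {
    dd if="$1" of="$2" 2>/dev/null || return 1
    verify_copy "$1" "$2"
}

# demo_stale_tail: constructed scenario. conv=notrunc stands in for a
# truncation that failed silently; dd itself still exits 0 here.
demo_stale_tail() {
    tmp=$(mktemp -d) || return 1
    printf 'NEW-DATA-16bytes' > "$tmp/src"   # 16 bytes of new data
    printf '%064d' 0 > "$tmp/dst"            # 64 bytes of stale content
    dd if="$tmp/src" of="$tmp/dst" conv=notrunc 2>/dev/null
    rc=0
    verify_copy "$tmp/src" "$tmp/dst" 2>/dev/null || rc=$?
    rm -rf "$tmp"
    return "$rc"                             # size mismatch is caught
}
```

In a backup or migration script, call `dd_verified` in place of `dd` and treat any non-zero status as a failed copy.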