CVE-2026-35352
TOCTOU Race Condition in uutils mkfifo Enables Privilege Escalation
Publication date: 2026-04-22
Last updated on: 2026-05-04
Assigner: Canonical Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uutils | coreutils | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Time-of-Check to Time-of-Use (TOCTOU) race condition in the mkfifo utility of uutils coreutils. The utility first creates a FIFO (named pipe) and then changes its permissions using a path-based chmod operation. A local attacker who has write access to the parent directory can exploit the time gap between these two operations by replacing the newly created FIFO with a symbolic link pointing to an arbitrary file. As a result, the chmod command modifies the permissions of the targeted file instead of the FIFO, potentially allowing the attacker to escalate privileges if the utility is executed with elevated rights.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker with write access to the parent directory to escalate their privileges on the affected system. By exploiting the race condition, the attacker can change permissions on arbitrary files, potentially gaining unauthorized access or control. This can lead to compromise of system integrity, confidentiality, and availability, especially if the mkfifo utility is run with elevated privileges.