Bug 2456336 (CVE-2026-32282) - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
Summary: CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks ...
Keywords:
Status: NEW
Alias: CVE-2026-32282
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2456942
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-08 02:01 UTC by OSIDB Bzimport
Modified: 2026-05-28 16:11 UTC (History)
158 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:10217 0 None None None 2026-04-23 21:35:57 UTC
Red Hat Product Errata RHSA-2026:10219 0 None None None 2026-04-24 02:33:44 UTC
Red Hat Product Errata RHSA-2026:10704 0 None None None 2026-04-27 02:09:39 UTC
Red Hat Product Errata RHSA-2026:11507 0 None None None 2026-04-29 07:28:14 UTC
Red Hat Product Errata RHSA-2026:11514 0 None None None 2026-04-29 08:02:08 UTC
Red Hat Product Errata RHSA-2026:11704 0 None None None 2026-04-29 13:03:40 UTC
Red Hat Product Errata RHSA-2026:11711 0 None None None 2026-04-29 13:27:15 UTC
Red Hat Product Errata RHSA-2026:11712 0 None None None 2026-04-29 13:09:49 UTC
Red Hat Product Errata RHSA-2026:11863 0 None None None 2026-04-29 17:50:41 UTC
Red Hat Product Errata RHSA-2026:14200 0 None None None 2026-05-06 15:29:47 UTC
Red Hat Product Errata RHSA-2026:14391 0 None None None 2026-05-06 21:10:24 UTC
Red Hat Product Errata RHSA-2026:15980 0 None None None 2026-05-11 12:18:08 UTC
Red Hat Product Errata RHSA-2026:16021 0 None None None 2026-05-11 18:31:50 UTC
Red Hat Product Errata RHSA-2026:16024 0 None None None 2026-05-11 16:19:49 UTC
Red Hat Product Errata RHSA-2026:16875 0 None None None 2026-05-13 07:59:44 UTC
Red Hat Product Errata RHSA-2026:17075 0 None None None 2026-05-13 15:06:03 UTC
Red Hat Product Errata RHSA-2026:17084 0 None None None 2026-05-13 15:36:35 UTC
Red Hat Product Errata RHSA-2026:18027 0 None None None 2026-05-18 08:56:33 UTC
Red Hat Product Errata RHSA-2026:18032 0 None None None 2026-05-18 09:21:25 UTC
Red Hat Product Errata RHSA-2026:19132 0 None None None 2026-05-19 16:05:44 UTC
Red Hat Product Errata RHSA-2026:19133 0 None None None 2026-05-19 16:06:21 UTC
Red Hat Product Errata RHSA-2026:19134 0 None None None 2026-05-19 16:10:46 UTC
Red Hat Product Errata RHSA-2026:19135 0 None None None 2026-05-19 16:07:42 UTC
Red Hat Product Errata RHSA-2026:19136 0 None None None 2026-05-19 16:07:08 UTC
Red Hat Product Errata RHSA-2026:19144 0 None None None 2026-05-19 16:09:16 UTC
Red Hat Product Errata RHSA-2026:19156 0 None None None 2026-05-19 16:10:18 UTC
Red Hat Product Errata RHSA-2026:19350 0 None None None 2026-05-19 21:37:36 UTC
Red Hat Product Errata RHSA-2026:19351 0 None None None 2026-05-19 21:38:34 UTC
Red Hat Product Errata RHSA-2026:19352 0 None None None 2026-05-19 21:38:44 UTC
Red Hat Product Errata RHSA-2026:19353 0 None None None 2026-05-19 21:39:24 UTC
Red Hat Product Errata RHSA-2026:19369 0 None None None 2026-05-19 21:41:25 UTC
Red Hat Product Errata RHSA-2026:19550 0 None None None 2026-05-20 08:28:46 UTC
Red Hat Product Errata RHSA-2026:19714 0 None None None 2026-05-20 16:19:27 UTC
Red Hat Product Errata RHSA-2026:19715 0 None None None 2026-05-20 16:20:59 UTC
Red Hat Product Errata RHSA-2026:19719 0 None None None 2026-05-20 16:41:17 UTC
Red Hat Product Errata RHSA-2026:19720 0 None None None 2026-05-20 16:53:41 UTC
Red Hat Product Errata RHSA-2026:19721 0 None None None 2026-05-20 16:48:27 UTC
Red Hat Product Errata RHSA-2026:19722 0 None None None 2026-05-20 16:56:14 UTC
Red Hat Product Errata RHSA-2026:19750 0 None None None 2026-05-20 17:23:07 UTC
Red Hat Product Errata RHSA-2026:19839 0 None None None 2026-05-20 23:53:18 UTC
Red Hat Product Errata RHSA-2026:20556 0 None None None 2026-05-26 03:42:16 UTC

Description OSIDB Bzimport 2026-04-08 02:01:35 UTC 
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
Comment 5 errata-xmlrpc 2026-04-23 21:35:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:10217 https://access.redhat.com/errata/RHSA-2026:10217
Comment 6 errata-xmlrpc 2026-04-24 02:33:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10219 https://access.redhat.com/errata/RHSA-2026:10219
Comment 7 errata-xmlrpc 2026-04-27 02:09:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:10704 https://access.redhat.com/errata/RHSA-2026:10704
Comment 8 errata-xmlrpc 2026-04-29 07:28:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11507 https://access.redhat.com/errata/RHSA-2026:11507
Comment 9 errata-xmlrpc 2026-04-29 08:02:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11514 https://access.redhat.com/errata/RHSA-2026:11514
Comment 10 errata-xmlrpc 2026-04-29 13:03:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11704 https://access.redhat.com/errata/RHSA-2026:11704
Comment 11 errata-xmlrpc 2026-04-29 13:09:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11712 https://access.redhat.com/errata/RHSA-2026:11712
Comment 12 errata-xmlrpc 2026-04-29 13:27:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11711 https://access.redhat.com/errata/RHSA-2026:11711
Comment 13 errata-xmlrpc 2026-04-29 17:50:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11863 https://access.redhat.com/errata/RHSA-2026:11863
Comment 17 errata-xmlrpc 2026-05-06 15:29:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:14200 https://access.redhat.com/errata/RHSA-2026:14200
Comment 18 errata-xmlrpc 2026-05-06 21:10:12 UTC 
This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2026:14391 https://access.redhat.com/errata/RHSA-2026:14391
Comment 19 errata-xmlrpc 2026-05-11 12:17:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:15980 https://access.redhat.com/errata/RHSA-2026:15980
Comment 20 errata-xmlrpc 2026-05-11 16:19:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:16024 https://access.redhat.com/errata/RHSA-2026:16024
Comment 21 errata-xmlrpc 2026-05-11 18:31:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:16021 https://access.redhat.com/errata/RHSA-2026:16021
Comment 22 errata-xmlrpc 2026-05-13 07:59:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:16875 https://access.redhat.com/errata/RHSA-2026:16875
Comment 23 errata-xmlrpc 2026-05-13 15:05:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:17075 https://access.redhat.com/errata/RHSA-2026:17075
Comment 24 errata-xmlrpc 2026-05-13 15:36:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:17084 https://access.redhat.com/errata/RHSA-2026:17084
Comment 25 errata-xmlrpc 2026-05-18 08:56:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:18027 https://access.redhat.com/errata/RHSA-2026:18027
Comment 26 errata-xmlrpc 2026-05-18 09:21:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:18032 https://access.redhat.com/errata/RHSA-2026:18032
Comment 27 errata-xmlrpc 2026-05-19 16:05:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19132 https://access.redhat.com/errata/RHSA-2026:19132
Comment 28 errata-xmlrpc 2026-05-19 16:06:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19133 https://access.redhat.com/errata/RHSA-2026:19133
Comment 29 errata-xmlrpc 2026-05-19 16:06:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19134 https://access.redhat.com/errata/RHSA-2026:19134
Comment 30 errata-xmlrpc 2026-05-19 16:06:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19136 https://access.redhat.com/errata/RHSA-2026:19136
Comment 31 errata-xmlrpc 2026-05-19 16:07:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19135 https://access.redhat.com/errata/RHSA-2026:19135
Comment 32 errata-xmlrpc 2026-05-19 16:09:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19144 https://access.redhat.com/errata/RHSA-2026:19144
Comment 33 errata-xmlrpc 2026-05-19 16:10:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19156 https://access.redhat.com/errata/RHSA-2026:19156
Comment 34 errata-xmlrpc 2026-05-19 21:37:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19350 https://access.redhat.com/errata/RHSA-2026:19350
Comment 35 errata-xmlrpc 2026-05-19 21:38:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19351 https://access.redhat.com/errata/RHSA-2026:19351
Comment 36 errata-xmlrpc 2026-05-19 21:38:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19352 https://access.redhat.com/errata/RHSA-2026:19352
Comment 37 errata-xmlrpc 2026-05-19 21:39:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19353 https://access.redhat.com/errata/RHSA-2026:19353
Comment 38 errata-xmlrpc 2026-05-19 21:41:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19369 https://access.redhat.com/errata/RHSA-2026:19369
Comment 39 errata-xmlrpc 2026-05-20 08:28:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19550 https://access.redhat.com/errata/RHSA-2026:19550
Comment 40 errata-xmlrpc 2026-05-20 16:19:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19714 https://access.redhat.com/errata/RHSA-2026:19714
Comment 41 errata-xmlrpc 2026-05-20 16:20:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19715 https://access.redhat.com/errata/RHSA-2026:19715
Comment 42 errata-xmlrpc 2026-05-20 16:41:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19719 https://access.redhat.com/errata/RHSA-2026:19719
Comment 43 errata-xmlrpc 2026-05-20 16:48:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:19721 https://access.redhat.com/errata/RHSA-2026:19721
Comment 44 errata-xmlrpc 2026-05-20 16:53:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19720 https://access.redhat.com/errata/RHSA-2026:19720
Comment 45 errata-xmlrpc 2026-05-20 16:56:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19722 https://access.redhat.com/errata/RHSA-2026:19722
Comment 46 errata-xmlrpc 2026-05-20 17:22:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19750 https://access.redhat.com/errata/RHSA-2026:19750
Comment 47 errata-xmlrpc 2026-05-20 23:53:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19839 https://access.redhat.com/errata/RHSA-2026:19839
Comment 48 errata-xmlrpc 2026-05-26 03:42:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20556 https://access.redhat.com/errata/RHSA-2026:20556
Note You need to log in before you can comment on or make changes to this bug.