Bug 2456336 (CVE-2026-32282) - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
Summary: CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks ...
Keywords:
Status: NEW
Alias: CVE-2026-32282
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2456942
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-08 02:01 UTC by OSIDB Bzimport
Modified: 2026-07-08 15:50 UTC (History)
163 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:10217 0 None None None 2026-04-23 21:35:57 UTC
Red Hat Product Errata RHSA-2026:10219 0 None None None 2026-04-24 02:33:44 UTC
Red Hat Product Errata RHSA-2026:10704 0 None None None 2026-04-27 02:09:39 UTC
Red Hat Product Errata RHSA-2026:11507 0 None None None 2026-04-29 07:28:14 UTC
Red Hat Product Errata RHSA-2026:11514 0 None None None 2026-04-29 08:02:08 UTC
Red Hat Product Errata RHSA-2026:11704 0 None None None 2026-04-29 13:03:40 UTC
Red Hat Product Errata RHSA-2026:11711 0 None None None 2026-04-29 13:27:15 UTC
Red Hat Product Errata RHSA-2026:11712 0 None None None 2026-04-29 13:09:49 UTC
Red Hat Product Errata RHSA-2026:11863 0 None None None 2026-04-29 17:50:41 UTC
Red Hat Product Errata RHSA-2026:14200 0 None None None 2026-05-06 15:29:47 UTC
Red Hat Product Errata RHSA-2026:14391 0 None None None 2026-05-06 21:10:24 UTC
Red Hat Product Errata RHSA-2026:15980 0 None None None 2026-05-11 12:18:08 UTC
Red Hat Product Errata RHSA-2026:16021 0 None None None 2026-05-11 18:31:50 UTC
Red Hat Product Errata RHSA-2026:16024 0 None None None 2026-05-11 16:19:49 UTC
Red Hat Product Errata RHSA-2026:16875 0 None None None 2026-05-13 07:59:44 UTC
Red Hat Product Errata RHSA-2026:17075 0 None None None 2026-05-13 15:06:03 UTC
Red Hat Product Errata RHSA-2026:17084 0 None None None 2026-05-13 15:36:35 UTC
Red Hat Product Errata RHSA-2026:18027 0 None None None 2026-05-18 08:56:33 UTC
Red Hat Product Errata RHSA-2026:18032 0 None None None 2026-05-18 09:21:25 UTC
Red Hat Product Errata RHSA-2026:19132 0 None None None 2026-05-19 16:05:44 UTC
Red Hat Product Errata RHSA-2026:19133 0 None None None 2026-05-19 16:06:21 UTC
Red Hat Product Errata RHSA-2026:19134 0 None None None 2026-05-19 16:10:46 UTC
Red Hat Product Errata RHSA-2026:19135 0 None None None 2026-05-19 16:07:42 UTC
Red Hat Product Errata RHSA-2026:19136 0 None None None 2026-05-19 16:07:08 UTC
Red Hat Product Errata RHSA-2026:19144 0 None None None 2026-05-19 16:09:16 UTC
Red Hat Product Errata RHSA-2026:19156 0 None None None 2026-05-19 16:10:18 UTC
Red Hat Product Errata RHSA-2026:19350 0 None None None 2026-05-19 21:37:36 UTC
Red Hat Product Errata RHSA-2026:19351 0 None None None 2026-05-19 21:38:34 UTC
Red Hat Product Errata RHSA-2026:19352 0 None None None 2026-05-19 21:38:44 UTC
Red Hat Product Errata RHSA-2026:19353 0 None None None 2026-05-19 21:39:24 UTC
Red Hat Product Errata RHSA-2026:19369 0 None None None 2026-05-19 21:41:25 UTC
Red Hat Product Errata RHSA-2026:19550 0 None None None 2026-05-20 08:28:46 UTC
Red Hat Product Errata RHSA-2026:19714 0 None None None 2026-05-20 16:19:27 UTC
Red Hat Product Errata RHSA-2026:19715 0 None None None 2026-05-20 16:20:59 UTC
Red Hat Product Errata RHSA-2026:19719 0 None None None 2026-05-20 16:41:17 UTC
Red Hat Product Errata RHSA-2026:19720 0 None None None 2026-05-20 16:53:41 UTC
Red Hat Product Errata RHSA-2026:19721 0 None None None 2026-05-20 16:48:27 UTC
Red Hat Product Errata RHSA-2026:19722 0 None None None 2026-05-20 16:56:14 UTC
Red Hat Product Errata RHSA-2026:19750 0 None None None 2026-05-20 17:23:07 UTC
Red Hat Product Errata RHSA-2026:19839 0 None None None 2026-05-20 23:53:18 UTC
Red Hat Product Errata RHSA-2026:20556 0 None None None 2026-05-26 03:42:16 UTC
Red Hat Product Errata RHSA-2026:22141 0 None None None 2026-06-01 02:07:20 UTC
Red Hat Product Errata RHSA-2026:22450 0 None None None 2026-06-02 11:07:52 UTC
Red Hat Product Errata RHSA-2026:22709 0 None None None 2026-06-03 07:20:08 UTC
Red Hat Product Errata RHSA-2026:22714 0 None None None 2026-06-03 08:01:35 UTC
Red Hat Product Errata RHSA-2026:22937 0 None None None 2026-06-03 18:50:21 UTC
Red Hat Product Errata RHSA-2026:23228 0 None None None 2026-06-04 13:11:17 UTC
Red Hat Product Errata RHSA-2026:24337 0 None None None 2026-06-08 01:46:33 UTC
Red Hat Product Errata RHSA-2026:24716 0 None None None 2026-06-09 06:47:40 UTC
Red Hat Product Errata RHSA-2026:24761 0 None None None 2026-06-09 11:03:45 UTC
Red Hat Product Errata RHSA-2026:24762 0 None None None 2026-06-09 11:02:01 UTC
Red Hat Product Errata RHSA-2026:25999 0 None None None 2026-06-15 14:49:17 UTC
Red Hat Product Errata RHSA-2026:27076 0 None None None 2026-06-18 12:18:24 UTC
Red Hat Product Errata RHSA-2026:27732 0 None None None 2026-06-22 03:11:42 UTC
Red Hat Product Errata RHSA-2026:28038 0 None None None 2026-06-22 20:28:14 UTC
Red Hat Product Errata RHSA-2026:28046 0 None None None 2026-06-22 20:57:55 UTC
Red Hat Product Errata RHSA-2026:28047 0 None None None 2026-06-22 20:59:43 UTC
Red Hat Product Errata RHSA-2026:28385 0 None None None 2026-06-23 18:42:36 UTC
Red Hat Product Errata RHSA-2026:34366 0 None None None 2026-07-01 17:27:37 UTC
Red Hat Product Errata RHSA-2026:34368 0 None None None 2026-07-01 17:28:50 UTC
Red Hat Product Errata RHSA-2026:36796 0 None None None 2026-07-08 15:50:33 UTC

Description OSIDB Bzimport 2026-04-08 02:01:35 UTC
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

Comment 5 errata-xmlrpc 2026-04-23 21:35:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:10217 https://access.redhat.com/errata/RHSA-2026:10217

Comment 6 errata-xmlrpc 2026-04-24 02:33:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10219 https://access.redhat.com/errata/RHSA-2026:10219

Comment 7 errata-xmlrpc 2026-04-27 02:09:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:10704 https://access.redhat.com/errata/RHSA-2026:10704

Comment 8 errata-xmlrpc 2026-04-29 07:28:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11507 https://access.redhat.com/errata/RHSA-2026:11507

Comment 9 errata-xmlrpc 2026-04-29 08:02:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11514 https://access.redhat.com/errata/RHSA-2026:11514

Comment 10 errata-xmlrpc 2026-04-29 13:03:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11704 https://access.redhat.com/errata/RHSA-2026:11704

Comment 11 errata-xmlrpc 2026-04-29 13:09:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11712 https://access.redhat.com/errata/RHSA-2026:11712

Comment 12 errata-xmlrpc 2026-04-29 13:27:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11711 https://access.redhat.com/errata/RHSA-2026:11711

Comment 13 errata-xmlrpc 2026-04-29 17:50:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11863 https://access.redhat.com/errata/RHSA-2026:11863

Comment 17 errata-xmlrpc 2026-05-06 15:29:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:14200 https://access.redhat.com/errata/RHSA-2026:14200

Comment 18 errata-xmlrpc 2026-05-06 21:10:12 UTC
This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2026:14391 https://access.redhat.com/errata/RHSA-2026:14391

Comment 19 errata-xmlrpc 2026-05-11 12:17:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:15980 https://access.redhat.com/errata/RHSA-2026:15980

Comment 20 errata-xmlrpc 2026-05-11 16:19:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:16024 https://access.redhat.com/errata/RHSA-2026:16024

Comment 21 errata-xmlrpc 2026-05-11 18:31:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:16021 https://access.redhat.com/errata/RHSA-2026:16021

Comment 22 errata-xmlrpc 2026-05-13 07:59:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:16875 https://access.redhat.com/errata/RHSA-2026:16875

Comment 23 errata-xmlrpc 2026-05-13 15:05:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:17075 https://access.redhat.com/errata/RHSA-2026:17075

Comment 24 errata-xmlrpc 2026-05-13 15:36:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:17084 https://access.redhat.com/errata/RHSA-2026:17084

Comment 25 errata-xmlrpc 2026-05-18 08:56:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:18027 https://access.redhat.com/errata/RHSA-2026:18027

Comment 26 errata-xmlrpc 2026-05-18 09:21:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:18032 https://access.redhat.com/errata/RHSA-2026:18032

Comment 27 errata-xmlrpc 2026-05-19 16:05:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19132 https://access.redhat.com/errata/RHSA-2026:19132

Comment 28 errata-xmlrpc 2026-05-19 16:06:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19133 https://access.redhat.com/errata/RHSA-2026:19133

Comment 29 errata-xmlrpc 2026-05-19 16:06:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19134 https://access.redhat.com/errata/RHSA-2026:19134

Comment 30 errata-xmlrpc 2026-05-19 16:06:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19136 https://access.redhat.com/errata/RHSA-2026:19136

Comment 31 errata-xmlrpc 2026-05-19 16:07:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19135 https://access.redhat.com/errata/RHSA-2026:19135

Comment 32 errata-xmlrpc 2026-05-19 16:09:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19144 https://access.redhat.com/errata/RHSA-2026:19144

Comment 33 errata-xmlrpc 2026-05-19 16:10:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19156 https://access.redhat.com/errata/RHSA-2026:19156

Comment 34 errata-xmlrpc 2026-05-19 21:37:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19350 https://access.redhat.com/errata/RHSA-2026:19350

Comment 35 errata-xmlrpc 2026-05-19 21:38:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19351 https://access.redhat.com/errata/RHSA-2026:19351

Comment 36 errata-xmlrpc 2026-05-19 21:38:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19352 https://access.redhat.com/errata/RHSA-2026:19352

Comment 37 errata-xmlrpc 2026-05-19 21:39:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19353 https://access.redhat.com/errata/RHSA-2026:19353

Comment 38 errata-xmlrpc 2026-05-19 21:41:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19369 https://access.redhat.com/errata/RHSA-2026:19369

Comment 39 errata-xmlrpc 2026-05-20 08:28:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19550 https://access.redhat.com/errata/RHSA-2026:19550

Comment 40 errata-xmlrpc 2026-05-20 16:19:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19714 https://access.redhat.com/errata/RHSA-2026:19714

Comment 41 errata-xmlrpc 2026-05-20 16:20:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19715 https://access.redhat.com/errata/RHSA-2026:19715

Comment 42 errata-xmlrpc 2026-05-20 16:41:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19719 https://access.redhat.com/errata/RHSA-2026:19719

Comment 43 errata-xmlrpc 2026-05-20 16:48:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:19721 https://access.redhat.com/errata/RHSA-2026:19721

Comment 44 errata-xmlrpc 2026-05-20 16:53:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19720 https://access.redhat.com/errata/RHSA-2026:19720

Comment 45 errata-xmlrpc 2026-05-20 16:56:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19722 https://access.redhat.com/errata/RHSA-2026:19722

Comment 46 errata-xmlrpc 2026-05-20 17:22:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:19750 https://access.redhat.com/errata/RHSA-2026:19750

Comment 47 errata-xmlrpc 2026-05-20 23:53:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:19839 https://access.redhat.com/errata/RHSA-2026:19839

Comment 48 errata-xmlrpc 2026-05-26 03:42:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20556 https://access.redhat.com/errata/RHSA-2026:20556

Comment 50 errata-xmlrpc 2026-06-01 02:07:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22141 https://access.redhat.com/errata/RHSA-2026:22141

Comment 51 errata-xmlrpc 2026-06-02 11:07:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22450 https://access.redhat.com/errata/RHSA-2026:22450

Comment 52 errata-xmlrpc 2026-06-03 07:20:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:22709 https://access.redhat.com/errata/RHSA-2026:22709

Comment 53 errata-xmlrpc 2026-06-03 08:01:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:22714 https://access.redhat.com/errata/RHSA-2026:22714

Comment 57 errata-xmlrpc 2026-06-03 18:50:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22937 https://access.redhat.com/errata/RHSA-2026:22937

Comment 58 errata-xmlrpc 2026-06-04 13:11:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:23228 https://access.redhat.com/errata/RHSA-2026:23228

Comment 59 errata-xmlrpc 2026-06-08 01:46:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:24337 https://access.redhat.com/errata/RHSA-2026:24337

Comment 60 errata-xmlrpc 2026-06-09 06:47:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:24716 https://access.redhat.com/errata/RHSA-2026:24716

Comment 61 errata-xmlrpc 2026-06-09 11:01:53 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.6 for RHEL 9
  Red Hat Ansible Automation Platform 2.6 for RHEL 10

Via RHSA-2026:24762 https://access.redhat.com/errata/RHSA-2026:24762

Comment 62 errata-xmlrpc 2026-06-09 11:03:36 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2026:24761 https://access.redhat.com/errata/RHSA-2026:24761

Comment 63 errata-xmlrpc 2026-06-15 14:49:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:25999 https://access.redhat.com/errata/RHSA-2026:25999

Comment 64 errata-xmlrpc 2026-06-18 12:18:16 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2026:27076 https://access.redhat.com/errata/RHSA-2026:27076

Comment 65 errata-xmlrpc 2026-06-22 03:11:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:27732 https://access.redhat.com/errata/RHSA-2026:27732

Comment 66 errata-xmlrpc 2026-06-22 20:28:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:28038 https://access.redhat.com/errata/RHSA-2026:28038

Comment 67 errata-xmlrpc 2026-06-22 20:57:47 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2026:28046 https://access.redhat.com/errata/RHSA-2026:28046

Comment 68 errata-xmlrpc 2026-06-22 20:59:35 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2026:28047 https://access.redhat.com/errata/RHSA-2026:28047

Comment 69 errata-xmlrpc 2026-06-23 18:42:28 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.18 for RHEL 9

Via RHSA-2026:28385 https://access.redhat.com/errata/RHSA-2026:28385

Comment 70 errata-xmlrpc 2026-07-01 17:27:28 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.17 for RHEL 9

Via RHSA-2026:34366 https://access.redhat.com/errata/RHSA-2026:34366

Comment 71 errata-xmlrpc 2026-07-01 17:28:41 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.18 for RHEL 9

Via RHSA-2026:34368 https://access.redhat.com/errata/RHSA-2026:34368

Comment 72 errata-xmlrpc 2026-07-08 15:50:24 UTC
This issue has been addressed in the following products:

  RHEM 1.0 for RHEL 9

Via RHSA-2026:36796 https://access.redhat.com/errata/RHSA-2026:36796


Note You need to log in before you can comment on or make changes to this bug.