2460776 – (CVE-2026-35339) CVE-2026-35339 rust-coreutils: chmod: false success exit code in recursive mode

Bug 2460776 (CVE-2026-35339) - CVE-2026-35339 rust-coreutils: chmod: false success exit code in recursive mode

Summary: CVE-2026-35339 rust-coreutils: chmod: false success exit code in recursive mode

Keywords:
Status:	NEW
Alias:	CVE-2026-35339
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2461667 2461668
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-22 17:02 UTC by OSIDB Bzimport
Modified:	2026-04-24 19:50 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-22 17:02:04 UTC

The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions.

Note You need to log in before you can comment on or make changes to this bug.