Bug 2460797 (CVE-2026-35357) - CVE-2026-35357 rust-coreutils: cp: information disclosure via permission handling race
Keywords:
Status: NEW
Alias: CVE-2026-35357
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2461211 2461212
Blocks:
 
Reported: 2026-04-22 17:03 UTC by OSIDB Bzimport
Modified: 2026-04-24 19:02 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-04-22 17:03:14 UTC
The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file during this window; once obtained, the file descriptor remains valid and readable even after the permissions are tightened, exposing sensitive or private file contents.
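
The create-then-restrict pattern described above, next to a restrictive-first alternative, as an added example (this is not uutils code and not the upstream fix). The function names, the 0o600 creation mode and the temporary file names are assumptions made for illustration.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

// Pattern from the report: create with the umask-derived mode, write, restrict afterwards.
// Returns the permission bits that were in effect while the data was being written.
fn copy_then_chmod(dst: &Path, data: &[u8], final_mode: u32) -> io::Result<u32> {
    let mut f = File::create(dst)?; // 0o666 & !umask, e.g. 0o644
    f.write_all(data)?;
    let window = f.metadata()?.permissions().mode() & 0o777;
    // fchmod() does not revoke descriptors that were opened before this point.
    f.set_permissions(fs::Permissions::from_mode(final_mode))?;
    Ok(window)
}

// Restrictive-first (assumed mitigation): the file is owner-only from the moment it
// exists and is moved to its final mode only after the contents are in place.
fn copy_restrictive_first(dst: &Path, data: &[u8], final_mode: u32) -> io::Result<u32> {
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true) // O_CREAT|O_EXCL: never reuse a file someone else pre-created
        .mode(0o600) // mode is applied atomically by open(2)
        .open(dst)?;
    f.write_all(data)?;
    let window = f.metadata()?.permissions().mode() & 0o777;
    f.set_permissions(fs::Permissions::from_mode(final_mode))?;
    Ok(window)
}

fn main() -> io::Result<()> {
    // Constructed sample data and scratch paths for the demonstration.
    let dir = std::env::temp_dir();
    let a = dir.join(format!("cp-mode-demo-{}-a", std::process::id()));
    let b = dir.join(format!("cp-mode-demo-{}-b", std::process::id()));
    let _ = fs::remove_file(&a);
    let _ = fs::remove_file(&b);
    println!("create-then-chmod mode during write: {:o}", copy_then_chmod(&a, b"secret", 0o600)?);
    println!("restrictive-first mode during write: {:o}", copy_restrictive_first(&b, b"secret", 0o600)?);
    fs::remove_file(&a)?;
    fs::remove_file(&b)
}
```

With a typical umask of 022 the first function reports 644 for the write window and the second reports 600; both files end at 0600.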

