| Summary | The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls. |
|---|---|
| Publication Date | April 23, 2026, 2:16 a.m. |
| Registration Date | April 25, 2026, 4:05 a.m. |
| Last Update | April 23, 2026, 6:23 a.m. |
| CVSS3.1 : LOW | |
| スコア | 3.4 |
|---|---|
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
| 攻撃元区分(AV) | ローカル |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 高 |
| 利用者の関与(UI) | 不要 |
| 影響の想定範囲(S) | 変更なし |
| 機密性への影響(C) | 低 |
| 完全性への影響(I) | 低 |
| 可用性への影響(A) | なし |