Impact
The cp utility in uutils coreutils does not correctly handle setuid and setgid bits when ownership preservation fails. When a user runs cp with the preserve flag (-p) and the underlying chown operation cannot change the file owner, the utility still applies the original mode bits to the target file. As a result, the copy inherits the privileged bits, effectively creating a privileged executable owned by the user. The vulnerability allows local attackers to fabricate executables that run with elevated privileges, violating local security policies. The weakness is identified as CWE-281. Based on the description, the likely attack scenario involves a user copying a setuid/setgid file to a location where they have write permissions, relying on the preserve flag, and thereby gaining the ability to execute code as a higher-privileged user.
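The ordering that avoids this outcome, as an added Rust example (not uutils code and not its patch): ownership is attempted first, and setuid/setgid are dropped from the mode if that step fails. The names `target_mode`, `copy_preserving` and `set_owner` are hypothetical, and the chown step is passed in as a closure so that its failure can be reproduced without root.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

/// setuid (0o4000) and setgid (0o2000).
const PRIV_BITS: u32 = 0o6000;

/// Mode to apply to the copy: the source's permission bits, minus
/// setuid/setgid when the source's owner could not be carried over.
fn target_mode(src_mode: u32, ownership_preserved: bool) -> u32 {
    let perms = src_mode & 0o7777;
    if ownership_preserved { perms } else { perms & !PRIV_BITS }
}

/// Hypothetical `cp -p`-style copy. `set_owner` stands in for the chown
/// step. Returns the permission bits that ended up on `dst`.
fn copy_preserving<F>(src: &Path, dst: &Path, set_owner: F) -> io::Result<u32>
where
    F: FnOnce(&Path) -> io::Result<()>,
{
    let src_mode = fs::metadata(src)?.permissions().mode();
    // Copy the data only; no mode bits are carried over at this point.
    fs::write(dst, fs::read(src)?)?;
    // Ownership first: its outcome decides which mode bits are safe to apply.
    let owned = set_owner(dst).is_ok();
    let mode = target_mode(src_mode, owned);
    fs::set_permissions(dst, fs::Permissions::from_mode(mode))?;
    Ok(fs::metadata(dst)?.permissions().mode() & 0o7777)
}

fn main() -> io::Result<()> {
    // Constructed sample: a setuid file in the temp directory.
    let src = std::env::temp_dir().join("cp_p_demo_src");
    let dst = std::env::temp_dir().join("cp_p_demo_dst");
    fs::write(&src, b"constructed sample\n")?;
    fs::set_permissions(&src, fs::Permissions::from_mode(0o4755))?;
    // Simulate the chown failure an unprivileged user would hit.
    let denied = |_: &Path| -> io::Result<()> {
        Err(io::Error::from(io::ErrorKind::PermissionDenied))
    };
    println!("mode on copy: {:o}", copy_preserving(&src, &dst, denied)?);
    Ok(())
}
```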
Affected Systems
The affected product is the uutils coreutils package. No specific version information is provided in the CVE data, so any installation of the current uutils coreutils release that contains the described implementation flaw is potentially vulnerable.
Risk and Exploitability
The vulnerability carries a CVSS score of 6.6, signifying moderate severity. The EPSS score of < 1% suggests a very low probability of exploitation, and the issue is not listed in the CISA KEV catalog. An attacker would need local access: the ability to read a source file that has setuid or setgid bits and the capability to write to a target directory where the copy will be placed. If the chown operation fails because the attacker does not have root permissions, the preserved setuid/setgid bits remain on the created file, giving the user the ability to execute code with elevated privileges. In typical desktop or server environments where unprivileged users have write access to directories that may receive copies of setuid files, the exploit conditions are achievable.