Description
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.
Published: 2026-04-22
Score: 3.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized device access via SELinux label mismatch
Action: Apply Patch
AI Analysis

Impact

The mknod utility in uutils coreutils creates device nodes before assigning the SELinux context, so if labeling fails it leaves the node with the default context. This mis‑labeling can bypass mandatory access controls, allowing an attacker to access devices that should be restricted. The flaw is an instance of CWE-281 and CWE-459.

Affected Systems

The vulnerability affects the Uutils coreutils project, specifically the mknod command. No specific version range is listed, so any installation using the affected utility may be impacted.

Risk and Exploitability

The CVSS score is 3.4, indicating a low severity. No EPSS data is available, and the issue is not yet listed in CISA's KEV catalog. Exploitation requires the ability to run mknod on a system with SELinux enabled, so local privilege or the ability to invoke the command may be needed. If the attack succeeds, the attacker could gain unauthorized access to device nodes through mis‑applied SELinux labels, potentially compromising system integrity.

Generated by OpenCVE AI on April 27, 2026 at 08:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to uutils coreutils 0.6.0 or later which fixes the label and cleanup issues.
  • After upgrading, confirm that new device nodes receive the correct SELinux context by checking the context against the expected policy.
  • If an upgrade is not immediately possible, manually set the appropriate SELinux context on existing nodes or delete the mislabeled node with a utility that can remove device nodes, such as using chcon to restore the context or rm to remove the node.

Generated by OpenCVE AI on April 27, 2026 at 08:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-79rc-qpw3-jv92 uutils coreutils has an Improper Preservation of Permissions issue
History

Mon, 27 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Uutils
Uutils coreutils
CPEs cpe:2.3:a:uutils:coreutils:*:*:*:*:*:rust:*:*
Vendors & Products Uutils
Uutils coreutils

Wed, 22 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.
Title uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems
Weaknesses CWE-281
CWE-459
References
Metrics cvssV3_1

{'score': 3.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Uutils Coreutils
cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-04-22T17:35:15.707Z

Reserved: 2026-04-02T12:58:56.088Z

Link: CVE-2026-35361

cve-icon Vulnrichment

Updated: 2026-04-22T17:34:30.413Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-22T17:16:38.827

Modified: 2026-04-27T12:27:20.527

Link: CVE-2026-35361

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T19:54:21Z

Weaknesses