A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link between these two operations. This redirects the chmod call to an arbitrary file, potentially enabling privilege escalation if the utility is run with elevated privileges.
0.0.20-1, 0.0.22-1, 0.0.23-1, 0.0.23-2, 0.0.23-3, 0.0.24-1, 0.0.24-2, 0.0.30-1, 0.0.30-2, 0.0.30-2ubuntu2, 0.1.0+git20250711.2ba3a33-0ubuntu1, 0.1.0+git20250711.2ba3a33-0ubuntu2, 0.1.0+git20250711.2ba3a33-0ubuntu3, 0.1.0+git20250711.2ba3a33-0ubuntu4, 0.1.0+git20250801.cf79675-0ubuntu1, 0.1.0+git20250813.4af2a84-0ubuntu2, 0.1.0+git20250813.4af2a84-0ubuntu4 (+6 more)
0.2.2-0ubuntu2, 0.2.2-0ubuntu4, 0.5.0-0ubuntu1, 0.5.0-0ubuntu2, 0.6.0-0ubuntu1, 0.7.0-0ubuntu1, 0.8.0-0ubuntu3

Exploitability: AV:L, AC:H, PR:L, UI:N
Scope: S:U
Impact: C:H, I:H, A:H
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
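
The create-then-chmod sequence described above, next to a descriptor-based variant that refuses a swapped path, as an added example in C at the system-call level (not uutils code and not the project's fix). The function names, the `window` test hook and the temporary paths are constructed for illustration; the hook stands in for the race window so the effect on a stand-in victim file can be checked deterministically.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
static char victim[128]; /* constructed stand-in for a file the caller may chmod */

/* Test hook standing in for the race window: the path now names a symlink. */
static void swap_for_symlink(const char *p) { if (unlink(p) || symlink(victim, p)) perror("swap"); }

/* Pattern from the advisory: path resolved twice, and chmod() follows symlinks. */
int mkfifo_racy(const char *path, mode_t mode, void (*window)(const char *)) {
    if (mkfifo(path, mode) != 0) return -1;
    if (window) window(path);
    return chmod(path, mode);
}

/* Hardened: pin the inode with O_NOFOLLOW, confirm it is our FIFO, fchmod the fd. */
int mkfifo_pinned(const char *path, mode_t mode, void (*window)(const char *)) {
    struct stat st; int rc = -1;
    if (mkfifo(path, mode) != 0) return -1;
    if (window) window(path);
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW); /* ELOOP on a symlink */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISFIFO(st.st_mode) && st.st_uid == geteuid())
        rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Runs one variant in a fresh temp dir; returns the victim's final mode bits. */
int victim_mode_after(int hardened) {
    char dir[] = "/tmp/fifo-toctou-XXXXXX", fifo[128];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fifo, sizeof fifo, "%s/fifo", dir);
    int fd = open(victim, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || fchmod(fd, 0600) != 0) return -1;
    close(fd);
    (hardened ? mkfifo_pinned : mkfifo_racy)(fifo, 0666, swap_for_symlink);
    int ok = stat(victim, &st) == 0;
    unlink(fifo); unlink(victim); rmdir(dir);
    return ok ? (int)(st.st_mode & 0777) : -1;
}

int main(void) {
    return printf("racy: %o, pinned: %o\n", victim_mode_after(0), victim_mode_after(1)) < 0;
}
```

Passing the final mode to `mkfifo` itself, with the umask adjusted around the call, removes the second step and with it the window.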