CVE-2026-35358: CWE-706: Use of Incorrectly-Resolved Name or Reference in Uutils coreutils
The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are destroyed (e.g., /dev/null becomes a regular file). This behavior can lead to runtime denial of service through disk exhaustion or process hangs when reading from unbounded device nodes.
AI Analysis
Technical Summary
The cp utility in uutils coreutils incorrectly processes character and block device nodes during recursive copy operations (-R). Instead of using mknod to recreate device nodes at the destination, it reads bytes from the source device nodes and writes them as regular files. This breaks the device semantics, causing device nodes to become normal files. This flaw can result in runtime denial of service through disk space exhaustion or process hangs when programs attempt to read from these improperly copied device files.
Potential Impact
The vulnerability does not affect confidentiality or integrity but impacts availability by causing denial of service conditions. Specifically, replacing device nodes with regular files can lead to disk exhaustion or cause processes to hang when reading from these files. This may disrupt system operations relying on proper device node behavior.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid using the recursive copy (-R) option of cp in uutils coreutils on directories containing device nodes, or use alternative tools that correctly preserve device nodes during copy operations.
CVE-2026-35358: CWE-706: Use of Incorrectly-Resolved Name or Reference in Uutils coreutils
Description
The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are destroyed (e.g., /dev/null becomes a regular file). This behavior can lead to runtime denial of service through disk exhaustion or process hangs when reading from unbounded device nodes.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The cp utility in uutils coreutils incorrectly processes character and block device nodes during recursive copy operations (-R). Instead of using mknod to recreate device nodes at the destination, it reads bytes from the source device nodes and writes them as regular files. This breaks the device semantics, causing device nodes to become normal files. This flaw can result in runtime denial of service through disk space exhaustion or process hangs when programs attempt to read from these improperly copied device files.
Potential Impact
The vulnerability does not affect confidentiality or integrity but impacts availability by causing denial of service conditions. Specifically, replacing device nodes with regular files can lead to disk exhaustion or cause processes to hang when reading from these files. This may disrupt system operations relying on proper device node behavior.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid using the recursive copy (-R) option of cp in uutils coreutils on directories containing device nodes, or use alternative tools that correctly preserve device nodes during copy operations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-04-02T12:58:56.087Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e8f7d319fe3cd2cdd00ced
Added to database: 4/22/2026, 4:31:15 PM
Last enriched: 4/22/2026, 5:01:26 PM
Last updated: 4/23/2026, 1:04:09 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.