An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like:
* gain access to possible private information found in /var/lib/pcrlock.d
* manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.
* overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.
This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.
Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-25701",
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"dateUpdated": "2026-02-25T10:59:58.372Z",
"dateReserved": "2026-02-05T15:37:24.183Z",
"datePublished": "2026-02-25T10:59:58.372Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse",
"dateUpdated": "2026-02-25T10:59:58.372Z"
},
"datePublic": "2026-02-18T08:18:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like:\n * gain access to possible private information found in /var/lib/pcrlock.d\n * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.\n * overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.\n\n\nThis issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like:<br><ul><li>gain access to possible private information found in /var/lib/pcrlock.d</li><li>manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.</li><li> overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.</li></ul><p>This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.</p>"
}
]
}
],
"affected": [
{
"vendor": "openSUSE",
"product": "sdbootutil",
"packageName": "sdbootutil",
"defaultStatus": "unaffected",
"versions": [
{
"version": "?",
"status": "affected",
"versionType": "git",
"lessThan": "5880246d3a02642dc68f5c8cb474bf63cdb56bca"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-377: Insecure Temporary File",
"cweId": "CWE-377",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1258241"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE",
"type": "finder"
}
]
}
}
}