Privilege escalation via TOCTOU race condition in cap_set_file()
Summary
Privilege escalation via TOCTOU race condition in cap_set_file(). Red Hat rates this important (CVSS 6.7). Weakness: CWE-367. Affected package(s): rhaiis/model-opt-cuda-rhel9:1782352950, rhaiis/vllm-spyre-rhel9:1782352919, libcap, rhui5/haproxy-rhel9:1779798164, rhcos, libcap-main. Resolved in Red Hat advisory RHSA-2026:26542 — update the affected packages (`sudo dnf update`).
- rhaiis/model-opt-cuda-rhel9:1782352950
- rhaiis/vllm-spyre-rhel9:1782352919
- libcap-0:2.69-7.el10_2.1
- rhui5/haproxy-rhel9:1779798164
- libcap-0:2.69-7.el10_0.1
- libcap-0:2.69-7.el10_1.1
- rhcos-414.92.202606231112-0
- libcap-main-2.78-1.1.hum1
- discovery/discovery-server-rhel9:1782159791
- libcap-0:2.48-9.el9_4.1
- rhui5/rhua-rhel9:1779798222
- libcap-0:2.48-6.el8_10.1
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:26542
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:26542 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.