Insecure Temporary File Vulnerability in openSUSE sdbootutil
CVE-2026-25701
7HIGH
What is CVE-2026-25701?
An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to create directories that can lead to unauthorized access to sensitive information in /var/lib/pcrlock.d. This flaw also enables users to manipulate backup data in /tmp/pcrlock.d.bak, potentially compromising the integrity of restored data. Additionally, it permits overwriting protected system files through symlinks in the directory tree, further endangering system security.
Affected Version(s)
sdbootutil ? < 5880246d3a02642dc68f5c8cb474bf63cdb56bca