A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the t…

A vulnerability in the chmod utility of uutils coreutils allows bypassing the --preserve-root safety mechanism. The implementation only validates literal / paths without canonicalization. Attackers can use path variants like /../ or symbolic links to execute destructive recursive operations on the root filesystem. This can lead to system-wide permission loss through commands like chmod -R 000. The vulnerability enables complete system breakdown by circumventing critical safety protections.