A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-bas…

A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in the mkfifo utility of uutils coreutils. The flaw occurs when the utility creates a FIFO and then performs a path-based chmod operation to set permissions. A local attacker with write access to the parent directory can exploit this by swapping the newly created FIFO for a symbolic link between these two operations. This attack redirects the chmod call to an arbitrary file, potentially enabling privilege escalation when the utility runs with elevated privileges. The vulnerability represents a classic race condition where an attacker can manipulate the file system state between security checks and resource usage.