Vulnerability Description
A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25704
- http://www.openwall.com/lists/oss-security/2026/04/16/3
FAQ
What is CVE-2026-25704?
CVE-2026-25704 is a documented vulnerability. A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and a...
How severe is CVE-2026-25704?
CVSS scoring is not yet available for CVE-2026-25704. Check NVD for updates.
Is there a patch for CVE-2026-25704?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.