Upstream information
Description
An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like:* gain access to possible private information found in /var/lib/pcrlock.d
* manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.
* overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.
This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.
SUSE information
Overall state of this security issue: New
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
SUSE Bugzilla entry: 1258241 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Mon Feb 16 14:15:20 2026CVE page last modified: Wed Feb 25 13:03:05 2026