Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massive process termination. This differs from GNU coreutils, which correctly recognizes -1 as a signal number in this context and would instead report a missing PID argument.
AnalysisAI
Local denial of service in uutils coreutils kill utility before version 0.6.0 allows unprivileged users to crash the system or terminate all visible processes by exploiting incorrect argument parsing that sends SIGTERM to PID -1 instead of reporting a missing PID argument. The vulnerability requires local access and can be triggered without user interaction, distinguishing it from the correct behavior in GNU coreutils where -1 is interpreted as a signal number rather than a process identifier.
Technical ContextAI
The uutils coreutils kill utility is a Rust implementation of the POSIX kill command. The vulnerability stems from improper argument parsing (CWE-20: Improper Input Validation) in how the utility interprets the command-line arguments. When invoked as 'kill -1', the utility incorrectly parses '-1' as a signal specifier (interpreting it as the default SIGTERM signal) rather than as a process identifier, resulting in a call to the kernel that targets PID -1. In Unix/Linux kernel semantics, sending a signal to PID -1 is a special case that broadcasts the signal to all processes visible to the calling user, triggering widespread process termination. GNU coreutils correctly handles this edge case by recognizing '-1' as a signal number in context and reporting a missing PID argument instead.
RemediationAI
Upgrade uutils coreutils to version 0.6.0 or later. Vendor-released patch is available via the official release at https://github.com/uutils/coreutils/releases/tag/0.6.0 and was merged upstream in PR #9700. For systems unable to immediately upgrade, restrict execution of the kill utility to trusted users only via Unix file permissions (e.g., chmod 750 on the coreutils binary directory or chmod u+s,go-rx on the kill executable if it must remain available), or use SELinux/AppArmor policies to prevent untrusted processes from executing kill with arbitrary arguments. Note that permission-based mitigations may break legitimate kill functionality for unprivileged users and should be evaluated in context of each deployment's operational requirements.
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly ex
Privilege escalation to root in uutils coreutils chroot utility allows low-privileged local attackers with write access
Recursive chmod operations can bypass --preserve-root protection in uutils coreutils versions prior to 0.6.0, allowing l
Local privilege escalation in uutils coreutils mkfifo allows authenticated users to downgrade permissions on arbitrary f
Privilege escalation in uutils coreutils mkfifo utility allows local attackers with low privileges to manipulate file pe
Bypass of --preserve-root protection in uutils coreutils rm utility allows local users to recursively delete the root fi
The mv utility in uutils coreutils improperly expands symbolic links instead of preserving them during moves across file
The cp utility in uutils coreutils improperly preserves setuid and setgid bits when the chown operation fails during fil
The split utility in uutils coreutils contains a time-of-check to time-of-use (TOCTOU) race condition that allows local
A time-of-check to time-of-use (TOCTOU) race condition in the mv utility of uutils coreutils during cross-device move op
The touch utility in uutils coreutils suffers from a Time-of-Check to Time-of-Use (TOCTOU) race condition that allows lo
Privilege escalation via symlink attack in uutils coreutils install utility when using the -D flag allows local attacker
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25017
GHSA-gpcg-h6x2-c26p