cpio is vulnerable to a time-of-check/time-of-use attack, where a user MIGHT be able to change the permissions of arbitrary files on the system, when cpio is being used to unpack an archive. The likelyhood of this attack working is EXTREMELY low.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/37216/cpio-toctou.txt
Source: https://packetstormsecurity.com/files/37216/cpio-toctou.txt.html