CVE-2025-71239

Published: Mar 17, 2026Modified: May 20, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashion than chmod() or fchmodat() will bypass audit rules such as: -w /tmp/test -p rwa -k test_rwa The current patch adds fchmodat2() to the change attributes class.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.13 to 6.18.16
Linux Linux Kernel	From 6.19 to 6.19.6
Linux Linux Kernel	From 6.6 to 6.6.128
Linux Linux Kernel	From 6.7 to 6.12.75

References (6)

https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://www.bencteux.fr/posts/missing_syscalls_audit/

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Third Party Advisory

Timeline

No history available yet.