CVE-2025-71239
Audit Bypass via Missing fchmodat2() in Linux Kernel
Publication date: 2026-03-17
Last updated on: 2026-03-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's audit system and the newly introduced fchmodat2() system call in version 6.6.
The fchmodat2() function allows changing file attributes similarly to chmod() or fchmodat(), but it was not initially included in the audit subsystem's 'change attributes' class.
As a result, using fchmodat2() to change file attributes could bypass audit rules designed to monitor such changes, potentially allowing attribute modifications without being logged.
The vulnerability was fixed by adding fchmodat2() to the audit's change attributes class, ensuring that attribute changes via this call are properly audited.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing changes to file attributes to go undetected by the audit system if those changes are made using the fchmodat2() system call.
If audit rules are set to monitor and log file attribute changes for security or compliance reasons, this bypass means that some changes could occur without generating audit logs.
This lack of logging could hinder forensic investigations, reduce visibility into system changes, and potentially allow unauthorized modifications to go unnoticed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know