CVE-2025-71239
Analyzed Analyzed - Analysis Complete
Audit Bypass via Missing fchmodat2() in Linux Kernel

Publication date: 2026-03-17

Last updated on: 2026-05-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashion than chmod() or fchmodat() will bypass audit rules such as: -w /tmp/test -p rwa -k test_rwa The current patch adds fchmodat2() to the change attributes class.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-17
Last Modified
2026-05-20
Generated
2026-06-16
AI Q&A
2026-03-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71239
EUVD
EUVD-2025-208776
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.6 (inc) to 6.6.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's audit system and the newly introduced fchmodat2() system call in version 6.6.

The fchmodat2() function allows changing file attributes similarly to chmod() or fchmodat(), but it was not initially included in the audit subsystem's 'change attributes' class.

As a result, using fchmodat2() to change file attributes could bypass audit rules designed to monitor such changes, potentially allowing attribute modifications without being logged.

The vulnerability was fixed by adding fchmodat2() to the audit's change attributes class, ensuring that attribute changes via this call are properly audited.

Impact Analysis

This vulnerability can impact you by allowing changes to file attributes to go undetected by the audit system if those changes are made using the fchmodat2() system call.

If audit rules are set to monitor and log file attribute changes for security or compliance reasons, this bypass means that some changes could occur without generating audit logs.

This lack of logging could hinder forensic investigations, reduce visibility into system changes, and potentially allow unauthorized modifications to go unnoticed.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71239. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart