CVE-2026-53367
Received Received - Intake

SELinux avdcache Permission Check Auditing Flaw

Vulnerability report for CVE-2026-53367, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: selinux: fix avdcache auditing The per-task avdcache was incorrectly saving and reusing the audited vector computed by avc_audit_required() rather than recomputing based on the currently requested permissions and distinguishing the denied versus allowed cases. As a result, some permission checks were not being audited, e.g. directory write checks after a previously cached directory search check. [PM: line wrap tweaks]

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves incorrect handling of auditing for SELinux permission checks. The per-task avdcache was saving and reusing an audited vector that was not properly updated based on current permissions or distinguishing between denied and allowed cases. This led to some permission checks, such as directory write checks after a cached directory search, not being audited correctly.

Detection Guidance

This vulnerability is specific to the Linux kernel's SELinux auditing mechanism. Detection requires checking kernel logs for missing or incorrect permission audit entries related to directory operations. Examine audit logs for events where write permissions were not logged after a search permission check on the same directory. Use commands like 'ausearch -m avc' or 'journalctl -t audit' to review SELinux audit logs for inconsistencies in permission checks.

Impact Analysis

This vulnerability could impact you by allowing unauthorized or suspicious activities to go undetected in systems using SELinux. Since auditing is a critical security feature, incorrect auditing may result in missed security events, making it harder to investigate breaches or policy violations.

Compliance Impact

This vulnerability may affect compliance with standards requiring detailed audit logs, such as GDPR and HIPAA. If permission checks are not audited correctly, organizations may fail to maintain required records of access and activities, leading to potential compliance violations and legal risks.

Mitigation Strategies

Update your Linux kernel to the latest patched version to resolve the selinux avdcache auditing issue. Monitor system logs for any unusual permission denials or audit failures after applying the update.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53367. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart