CVE-2026-23241

medium

Description

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. Calling getxattrat() or listxattrat() on a file to read its extended attributes will bypass audit rules such as: -w /tmp/test -p rwa -k test_rwa The current patch adds missing syscalls to the audit read class.

References

https://www.bencteux.fr/posts/missing_syscalls_audit/

https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd

https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf

https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f

Details

Source: Mitre, NVD

Published: 2026-03-17

Updated: 2026-03-18

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00033