SB2026031750 - Insufficient logging in Linux kernel asm-generic
Published: March 17, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient logging (CVE-ID: CVE-2026-23241)
The vulnerability allows a local user to bypass audit logging for specific file operations.
The vulnerability exists due to improper input validation in the audit subsystem when handling getxattrat() and listxattrat() system calls. A local user can perform extended attribute retrieval operations on files to bypass configured audit rules intended to monitor read, write, and attribute access.
Successful exploitation requires the ability to execute system calls on files with extended attributes and existing audit rules that monitor attribute access. The impact includes reduced audit trail visibility, potentially enabling undetected access to sensitive files.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/33cdef7ecf6e5d2cf46a35ec26befce072a1aa07
- https://git.kernel.org/stable/c/5632d14b2f2a0ade2d0068e12676ebed67e3bb2a
- https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f
- https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf
- https://git.kernel.org/stable/c/ada4bba3afefee1fa68aa6bd1fd597ea4b11a16e
- https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd
- https://git.kernel.org/stable/c/ed8efd623a5738e03de09dd74b505d0fb77b09f3
- https://git.kernel.org/stable/c/f5d27ad99fcaa7d965b344dd0b00d9413585c3cb
- https://www.bencteux.fr/posts/missing_syscalls_audit/