SB2026031751 - Audit logging bypass in Linux kernel asm-generic
Published: March 17, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient logging (CVE-ID: CVE-2025-71239)
The vulnerability allows a local user to bypass audit logging.
The vulnerability exists due to improper audit event classification in the audit subsystem when handling the fchmodat2() system call. A local user can invoke fchmodat2() to change file attributes in a manner similar to chmod() or fchmodat(), which bypasses existing audit rules designed to monitor such operations.
The vulnerability specifically affects audit rules that monitor file attribute changes, allowing unauthorized attribute modifications to go unlogged. Authentication and local access are required to exploit this vulnerability.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623
- https://git.kernel.org/stable/c/3ee75b13ea5f05ff9adc784b2464825bd70eb119
- https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc
- https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef
- https://git.kernel.org/stable/c/57489a89657cc94bf6ad8427d1902daba9156aa1
- https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741
- https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f
- https://git.kernel.org/stable/c/f714315d7d68898d03093f67285256a8770f903c
- https://www.bencteux.fr/posts/missing_syscalls_audit/