#VU124081 Insufficient logging in Linux kernel - CVE-2026-23241

 

Published: March 17, 2026


Vulnerability identifier: #VU124081
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23241
CWE-ID: CWE-778
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to bypass audit logging for specific file operations.

The vulnerability exists due to improper input validation in the audit subsystem when handling getxattrat() and listxattrat() system calls. A local user can perform extended attribute retrieval operations on files to bypass configured audit rules intended to monitor read, write, and attribute access.

Successful exploitation requires the ability to execute system calls on files with extended attributes and existing audit rules that monitor attribute access. The impact includes reduced audit trail visibility, potentially enabling undetected access to sensitive files.


Remediation

Install the update from the vendor's repository.
