#VU124082 Insufficient logging in Linux kernel - CVE-2025-71239

 


Published: March 17, 2026


Vulnerability identifier: #VU124082
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-71239
CWE-ID: CWE-778
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to bypass audit logging.

The vulnerability exists due to improper audit event classification in the audit subsystem when handling the fchmodat2() system call. A local user can invoke fchmodat2() to change file attributes in a manner similar to chmod() or fchmodat(), which bypasses existing audit rules designed to monitor such operations.

The vulnerability specifically affects audit rules that monitor file attribute changes, allowing unauthorized attribute modifications to go unlogged. Authentication and local access are required to exploit this vulnerability.
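A rule-file check for the bypass described above, as an added example that is not part of the advisory or of the kernel or audit project's code. It assumes rules are written with syscall names rather than numbers, in audit.rules syntax; the verdict labels and the sample rules are constructed for illustration.

```python
import shlex

CHMOD_FAMILY = {"chmod", "fchmod", "fchmodat"}  # calls older rules list by name
NEWER_CALL = "fchmodat2"

# Constructed sample rules (not from the advisory), in audit.rules syntax.
SAMPLE_RULES = """\
# perm_mod style rules
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -k perm_mod
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,fchmodat2 -F auid>=1000 -k perm_mod
-w /etc/shadow -p wa -k identity
-a always,exit -F arch=b64 -S openat -F exit=-EACCES -k access
"""

def classify_rule(line):
    """Return 'add-fchmodat2', 'kernel-class', or None for one rule line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    syscalls, perms = set(), ""
    tokens = iter(shlex.split(line))
    for tok in tokens:
        if tok == "-S":                       # -S name or -S a,b,c
            syscalls.update(next(tokens, "").split(","))
        elif tok == "-p":                     # watch permissions, e.g. -p wa
            perms += next(tokens, "")
        elif tok == "-F":
            field = next(tokens, "")
            if field.startswith("perm="):
                perms += field[len("perm="):]
    if syscalls & CHMOD_FAMILY and not syscalls & {NEWER_CALL, "all"}:
        # Explicit syscall list: only listed calls match, so fchmodat2 is missed.
        return "add-fchmodat2"
    if "a" in perms and (not syscalls or "all" in syscalls):
        # Attribute-change filter: matching relies on the kernel's own
        # classification of syscalls, which is what the update corrects.
        return "kernel-class"
    return None

def review(rules_text):
    """Return [(line_number, verdict)] for every rule that needs attention."""
    findings = []
    for number, line in enumerate(rules_text.splitlines(), start=1):
        verdict = classify_rule(line)
        if verdict:
            findings.append((number, verdict))
    return findings

if __name__ == "__main__":
    for number, verdict in review(SAMPLE_RULES):
        print(f"line {number}: {verdict}")
```

Rules reported as `add-fchmodat2` name their syscalls explicitly and need fchmodat2 added to the rule itself; rules reported as `kernel-class` depend on the kernel's classification and are the ones the vendor update addresses.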


Remediation

Install the update from the vendor's repository.

External links