CVE-2026-23241 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

audit: add missing syscalls to read class

The "at" variant of getxattr() and listxattr() are missing from the
audit read class. Calling getxattrat() or listxattrat() on a file to
read its extended attributes will bypass audit rules such as:

-w /tmp/test -p rwa -k test_rwa

The current patch adds missing syscalls to the audit read class.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/33cdef7ecf6e5d2cf46a35ec26befce072a1aa07
https://git.kernel.org/stable/c/5632d14b2f2a0ade2d0068e12676ebed67e3bb2a
https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f
https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf
https://git.kernel.org/stable/c/ada4bba3afefee1fa68aa6bd1fd597ea4b11a16e
https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd
https://git.kernel.org/stable/c/ed8efd623a5738e03de09dd74b505d0fb77b09f3
https://git.kernel.org/stable/c/f5d27ad99fcaa7d965b344dd0b00d9413585c3cb
https://www.bencteux.fr/posts/missing_syscalls_audit/

History

Tue, 17 Mar 2026 09:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. Calling getxattrat() or listxattrat() on a file to read its extended attributes will bypass audit rules such as: -w /tmp/test -p rwa -k test_rwa The current patch adds missing syscalls to the audit read class.
Title		audit: add missing syscalls to read class
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/33cdef7ecf6e5d2cf46a35ec26befce072a1aa07 https://git.kernel.org/stable/c/5632d14b2f2a0ade2d0068e12676ebed67e3bb2a https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf https://git.kernel.org/stable/c/ada4bba3afefee1fa68aa6bd1fd597ea4b11a16e https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd https://git.kernel.org/stable/c/ed8efd623a5738e03de09dd74b505d0fb77b09f3 https://git.kernel.org/stable/c/f5d27ad99fcaa7d965b344dd0b00d9413585c3cb https://www.bencteux.fr/posts/missing_syscalls_audit/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-17T09:11:04.913Z

Updated: 2026-03-17T09:11:04.913Z

Reserved: 2026-01-13T15:37:45.989Z

Link: CVE-2026-23241

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-17T10:16:00.127

Modified: 2026-03-17T10:16:00.127

Link: CVE-2026-23241

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object