CVE-2026-23241

Published: Mar 17, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. Calling getxattrat() or listxattrat() on a file to read its extended attributes will bypass audit rules such as: -w /tmp/test -p rwa -k test_rwa The current patch adds missing syscalls to the audit read class.

Vendor	Product	Versions
Linux	Linux	affected `6140be90ec70c39fa844741ca3cc807dd0866394 - < a2e8c144299c31d3972295ed80d4cb908daf4f6f` affected `6140be90ec70c39fa844741ca3cc807dd0866394 - < ad37505ce869a8100ff23f24eea117de7a7516bf` affected `6140be90ec70c39fa844741ca3cc807dd0866394 - < bcb90a2834c7393c26df9609b889a3097b7700cd`
Linux	Linux	affected `6.13` unaffected `0 - < 6.13` unaffected `6.18.16 - <= 6.18.` unaffected `6.19.6 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f

https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf

https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd

https://www.bencteux.fr/posts/missing_syscalls_audit/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23241

Description

Affected Products

References