-

CVE-2025-71239

EPSS 0.04%
Veröffentlicht 17.03.2026 09:11:03
Zuletzt bearbeitet 18.03.2026 17:16:04
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

audit: add fchmodat2() to change attributes class

In the Linux kernel, the following vulnerability has been resolved:

audit: add fchmodat2() to change attributes class

fchmodat2(), introduced in version 6.6 is currently not in the change
attribute class of audit. Calling fchmodat2() to change a file
attribute in the same fashion than chmod() or fchmodat() will bypass
audit rules such as:

-w /tmp/test -p rwa -k test_rwa

The current patch adds fchmodat2() to the change attributes class.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 09da082b07bbae1c11d9560c8502800039aebcea

Version < 91e27bc79c3bca93c06bf5a471d47df9a35b3741

Status affected

Version 09da082b07bbae1c11d9560c8502800039aebcea

Version < 3e762a03713e8c25ca0108c075d662c897fc0623

Status affected

Version 09da082b07bbae1c11d9560c8502800039aebcea

Version < 4fed776ca86378da7dd743a7b648e20b025ba8ef

Status affected

Version 09da082b07bbae1c11d9560c8502800039aebcea

Version < c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f

Status affected

Version 09da082b07bbae1c11d9560c8502800039aebcea

Version < 4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.6

Status affected

Version 0

Version < 6.6

Status unaffected

Version <= 6.6.*

Version 6.6.128

Status unaffected

Version <= 6.12.*

Version 6.12.75

Status unaffected

Version <= 6.18.*

Version 6.18.16

Status unaffected

Version <= 6.19.*

Version 6.19.6

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741

https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623

https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef

https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f

https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc

https://www.bencteux.fr/posts/missing_syscalls_audit/

https://nvd.nist.gov/vuln/detail/CVE-2025-71239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71239

EUVD