CVE-2025-71239
Vulnerability Summary
Description
In the Linux kernel, the following vulnerability has been resolved:

audit: add fchmodat2() to change attributes class

fchmodat2(), introduced in version 6.6, is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashion as chmod() or fchmodat() will bypass audit rules such as:

    -w /tmp/test -p rwa -k test_rwa

The current patch adds fchmodat2() to the change attributes class.
CVSS Metrics
- v3.1 • MEDIUM • Score: 5.5 • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.02% • Percentile: 5%
Affected Systems
- linux•linux_kernel
≥ 6.6, < 6.6.128 | ≥ 6.7, < 6.12.75 | ≥ 6.13, < 6.18.16 | ≥ 6.19, < 6.19.6
References (9)
- https://git.kernel.org/stable/c/f714315d7d68898d03093f67285256a8770f903c
- https://git.kernel.org/stable/c/3ee75b13ea5f05ff9adc784b2464825bd70eb119
- https://git.kernel.org/stable/c/57489a89657cc94bf6ad8427d1902daba9156aa1
- https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741
- https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623
- https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef
- https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f
- https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc
- https://www.bencteux.fr/posts/missing_syscalls_audit/