CVE-2025-71239

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.6 and later

Description The Linux kernel includes an issue where the fchmodat2() function, introduced in version 6.6, was not included in the audit change attributes class. Calling fchmodat2() to modify file attributes in a manner similar to chmod() or fchmodat() could bypass audit rules, such as those defined with the -w flag. The current patch resolves this by adding fchmodat2() to the change attributes class. The fchmodat2() function allows changing file attributes. The audit rules are used to track file access and modifications. Bypassing these rules could allow unauthorized changes to file permissions and ownership.

Recommendations Linux kernel version 6.6 and later: Update the kernel to include the patch that adds fchmodat2() to the change attributes class.