CVE-2026-23241

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel has an issue where the 'at' variant of the getxattr() and listxattr() system calls are not included in the audit read class. This allows bypassing audit rules when calling getxattrat() or listxattrat() on a file to read its extended attributes. Specifically, rules defined with the -w option, such as -w /tmp/test -p rwa -k test rwa, may be circumvented. The current patch addresses this by adding the missing system calls to the audit read class.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.