CVE-2026-23241Protection Mechanism Failure in Linux

CWE-693Protection Mechanism Failure9 documents8 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 17

Description

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. Calling getxattrat() or listxattrat() on a file to read its extended attributes will bypass audit rules such as: -w /tmp/test -p rwa -k test_rwa The current patch adds missing syscalls to the audit read class.

Affected Packages3 packages

Linuxlinux/linux_kernel6.13.06.18.16+1
Debianlinux/linux_kernel< 6.19.6-1
CVEListV5linux/linux6140be90ec70c39fa844741ca3cc807dd0866394a2e8c144299c31d3972295ed80d4cb908daf4f6f+3

🔴Vulnerability Details

4
CVEList
audit: add missing syscalls to read class2026-03-17
GHSA
GHSA-c2fm-fx6j-95j7: In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and lis2026-03-17
OSV
CVE-2026-23241: In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listx2026-03-17
OSV
audit: add missing syscalls to read class2026-03-17

📋Vendor Advisories

3
Red Hat
kernel: audit: add missing syscalls to read class2026-03-17
Microsoft
audit: add missing syscalls to read class2026-03-10
Debian
CVE-2026-23241: linux - In the Linux kernel, the following vulnerability has been resolved: audit: add ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23241 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23241 — Protection Mechanism Failure in Linux | cvebase