CVE-2026-23241

{"id": "CVE-2026-23241", "cveTags": [], "metrics": {}, "published": "2026-03-17T10:16:00.127", "references": [{"url": "https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://www.bencteux.fr/posts/missing_syscalls_audit/", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add missing syscalls to read class\n\nThe \"at\" variant of getxattr() and listxattr() are missing from the\naudit read class. Calling getxattrat() or listxattrat() on a file to\nread its extended attributes will bypass audit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds missing syscalls to the audit read class."}], "lastModified": "2026-03-18T10:16:25.173", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}