GHSA-c2fm-fx6j-95j7MediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls...

Published
March 17, 2026
Last Modified
May 20, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

audit: add missing syscalls to read class

The "at" variant of getxattr() and listxattr() are missing from the audit read class. Calling getxattrat() or listxattrat() on a file to read its extended attributes will bypass audit rules such as:

-w /tmp/test -p rwa -k test_rwa

The current patch adds missing syscalls to the audit read class.

🔗 References (11)