CVE-2025-71239
audit: add fchmodat2() to change attributes class
Description
In the Linux kernel, the following vulnerability has been resolved:

audit: add fchmodat2() to change attributes class

fchmodat2(), introduced in version 6.6, is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashion as chmod() or fchmodat() will bypass audit rules such as:

    -w /tmp/test -p rwa -k test_rwa

The current patch adds fchmodat2() to the change attributes class.
INFO
Published Date: March 17, 2026, 10:15 a.m.
Last Modified: March 17, 2026, 10:15 a.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by the CVE-2025-71239 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet
Solution
- Update the Linux kernel to version 6.6 or later.
- Apply the provided patch to include fchmodat2() in the audit rules.
- Verify audit rules correctly track file attribute changes.
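
To support the verification step above, here is an added example (not part of the advisory or of the kernel patch) that reviews an audit rules file for watches that depend on the attribute-change class and have no explicit fchmodat2 syscall rule alongside them. The function names and the sample rules are constructed for illustration; it assumes syscall number 452 for fchmodat2 (x86_64 and arm64) and that an explicit -S rule without a perm filter matches independently of the class.

```python
import shlex
# fchmodat2 by name, or by number for auditctl builds that lack the name.
# Assumption: 452 is its syscall number (x86_64, arm64); other ABIs not handled.
FCHMODAT2 = {"fchmodat2", "452"}

SAMPLE = """\
# constructed sample rules, not taken from a real system
-w /tmp/test -p rwa -k test_rwa
-w /etc/shadow -p wa -k shadow
-w /var/log/app -p r -k app_read
-a always,exit -F arch=b64 -S fchmodat2 -F path=/etc/shadow -k shadow
-a always,exit -F arch=b64 -S 452 -F dir=/srv -F perm=a -k srv_attr
"""

def parse_rule(line):
    """Extract the paths, permission filter and syscalls of one rule line."""
    rule = {"paths": set(), "dirs": set(), "perms": None, "syscalls": set()}
    tok = shlex.split(line, comments=True)
    for flag, val in zip(tok, tok[1:]):
        if flag == "-w":
            rule["paths"].add(val.rstrip("/") or "/")
            # auditctl applies rwxa to a watch when -p is omitted
            rule["perms"] = rule["perms"] or "rwxa"
        elif flag == "-p":
            rule["perms"] = val
        elif flag == "-S":
            rule["syscalls"].update(val.split(","))
        elif flag == "-F":
            key, _, v = val.partition("=")
            if key in ("path", "dir"):
                rule[key + "s"].add(v.rstrip("/") or "/")
            elif key == "perm":
                rule["perms"] = v
    return rule

def covers(rule, path):
    """True if `rule` names fchmodat2 explicitly and applies to `path`."""
    if not (rule["syscalls"] & FCHMODAT2) or rule["perms"]:
        return False  # a perm= filter is matched through the same class
    if not rule["paths"] and not rule["dirs"]:
        return True   # no path filter: the rule applies system-wide
    return path in rule["paths"] or any(
        path == d or path.startswith(d.rstrip("/") + "/") for d in rule["dirs"])

def uncovered_watches(rules_text):
    """Paths whose attribute-change auditing relies only on the perm class."""
    rules = [parse_rule(l) for l in rules_text.splitlines()]
    return [p for r in rules if "a" in (r["perms"] or "")
            for p in sorted(r["paths"] | r["dirs"])
            if not any(covers(c, p) for c in rules)]
```

Calling uncovered_watches() on the contents of a rules file returns the paths to review. A path= rule is treated as covering only that exact path, so a watched directory needs a dir= rule to count as covered.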
The following table lists the changes that have been made to the CVE-2025-71239 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, Mar. 17, 2026

| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Description | | In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6, is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashion as chmod() or fchmodat() will bypass audit rules such as: -w /tmp/test -p rwa -k test_rwa The current patch adds fchmodat2() to the change attributes class. |
| Added | Reference | | https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623 |
| Added | Reference | | https://git.kernel.org/stable/c/3ee75b13ea5f05ff9adc784b2464825bd70eb119 |
| Added | Reference | | https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc |
| Added | Reference | | https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef |
| Added | Reference | | https://git.kernel.org/stable/c/57489a89657cc94bf6ad8427d1902daba9156aa1 |
| Added | Reference | | https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741 |
| Added | Reference | | https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f |
| Added | Reference | | https://git.kernel.org/stable/c/f714315d7d68898d03093f67285256a8770f903c |
| Added | Reference | | https://www.bencteux.fr/posts/missing_syscalls_audit/ |