CVE-2025-71239

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-71239
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71239.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-71239
Downstream
Published
2026-03-17T09:11:03.386Z
Modified
2026-04-14T03:48:48.249542Z
Summary
audit: add fchmodat2() to change attributes class
Details

In the Linux kernel, the following vulnerability has been resolved:

audit: add fchmodat2() to change attributes class

fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashion than chmod() or fchmodat() will bypass audit rules such as:

-w /tmp/test -p rwa -k test_rwa

The current patch adds fchmodat2() to the change attributes class.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71239.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
09da082b07bbae1c11d9560c8502800039aebcea
Fixed
91e27bc79c3bca93c06bf5a471d47df9a35b3741
Fixed
3e762a03713e8c25ca0108c075d662c897fc0623
Fixed
4fed776ca86378da7dd743a7b648e20b025ba8ef
Fixed
c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f
Fixed
4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71239.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71239.json"