Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Added fchmodat2 to the “change attributes” class. fchmodat2, introduced in version 6.6, is currently not included in the “change attributes” class of audit. Calling fchmodat2 to change a file’s attributes in the same way a...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-success — CVE-2026-31431 Compensating Control A defensiv...

CVE-2026-23241

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rules such...

CVE-2026-23241 audit: add missing syscalls to read class

In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rules such...

CVE-2025-71239 audit: add fchmodat2() to change attributes class

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class fchmodat2, introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2 to change a file attribute in the same fashion than chmod or fchmodat...

CVE-2025-71239 audit: add fchmodat2() to change attributes class

In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class fchmodat2, introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2 to change a file attribute in the same fashion than chmod or fchmodat...

CVE-2025-71239

CVE-2025-71239 affects the Linux kernel audit subsystem: fchmodat2() was not in the change-attributes class, allowing calls that change file attributes to bypass certain audit rules. The patch adds fchmodat2() to the change attributes class, addressing this bypass path. Public advisories document...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of certain system calls in the audit reading class. This vulnerability could potentially allow...

Linux Distros Unpatched Vulnerability : CVE-2025-71239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - audit: add fchmodat2 to change attributes class fchmodat2, introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2 ...

EUVD-2020-23170

Malware in sbrugna...

CVE-2025-59518

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server. Mitigation As a temporary...

Configure Audit Rules for File Access Control Permissions

File access permission control is the basic permission management in Linux. Different users can access different files after being authorized. This prevents sensitive information leakage or file data tampering between users and prevents common users from accessing high-permission files or...

Configure Audit Rules for Kernel Module Changes

Generally, for deployed services, the loaded kernel modules do not change. Therefore, changes in loaded kernel modules may indicate attacks. You are advised to audit and monitor kernel module changes for future tracing. By default, audit rules for kernel module changes are not configured in...

Configure Audit Rules for File System Mounting

Generally, for deployed services, the file system mounting does not change. Therefore, any change in the file system mounting may indicate attacks. For file systems with changes in mounting, audit and monitor their mounting conditions for tracing. By default, audit rules for file system mounting...

Ensure That auditd Is Enabled

The auditd component is a user-space component of the Linux audit framework, providing the auditctl, ausearch, and aureport programs to audit and view logs. Audit rules are configured using the auditctl program. When getting started, auditctl reads these rules from /etc/audit/audit.rules. The aud...

Configure Audit Rules for Privilege-Escalated Commands

Users can call privilege-escalated commands that is, commands with SUID/SGID bits to obtain the super administrator permissions. This operation is risky and often exploited by attackers. You are advised to audit and monitor privilege-escalated commands for future tracing. By default, audit rules...

Configure sudoers Audit Rules

The sudo command allows common users to perform privileged operations as the root user, which is highly risky. Though attackers cannot access the root user easily, they can escalate the privilege using the sudo command. You are advised to configure audit for the /etc/sudoers file and the...

Configure Audit Rules for File Deletion

Generally, it is highly risky to delete files in the OS. Misoperations by administrators or attacks may cause severe system faults. You are advised to audit and monitor system calls, such as rename, unlink, unlinkat, and renameat, and record deletion operation logs. Deleting system or service fil...

Configure Audit Rules for Privilege Escalation Operations

In openEuler, logs of privilege escalation operations using the sudo command are recorded in the /var/log/secure file by default. This file also records other authentication-related security logs. If you want to audit privilege escalation operations using sudo, you are advised to record logs...

Configure Audit Rules for File Access Failures

System calls, such as open, truncate, ftruncate, create and openat, are audited and monitored. If the -EACCES or -EPERM error is returned, you lack the permission to access the files. In this case, audit logs need to be recorded. File access failures due to a lack of proper permissions are common...