CVE-2026-53287

Public on 2026-06-26
Modified on 2026-07-03
Description
In the Linux kernel, the following vulnerability has been resolved:

audit: fix incorrect inheritable capability in CAPSET records

__audit_log_capset() records the effective capability set into the
inheritable field due to a copy-paste error. Every CAPSET audit
record therefore reports cap_pi (process inheritable) with the value
of cap_effective instead of cap_inheritable.

This silently corrupts audit data used for compliance and forensic
analysis: an attacker who modifies inheritable capabilities to
prepare for a privilege-escalating exec would have the change masked
in the audit trail.

The bug has been present since the original introduction of CAPSET
audit records in 2008.
Severity
Low severity
Low
See what this means
CVSS v3 Base Score
3.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core kernel Pending Fix
Amazon Linux 2 - Kernel-5.10 Extra kernel Pending Fix
Amazon Linux 2 - Kernel-5.15 Extra kernel Pending Fix
Amazon Linux 2 - Kernel-5.4 Extra kernel Pending Fix
Amazon Linux 2023 kernel Pending Fix
Amazon Linux 2023 kernel6.12 Pending Fix
Amazon Linux 2023 kernel6.18 Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N