CVE-2026-53287 (GCVE-0-2026-53287)

Vulnerability from cvelistv5 – Published: 2026-06-26 19:40 – Updated: 2026-06-26 19:40
VLAI
Title
audit: fix incorrect inheritable capability in CAPSET records
Summary
In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records __audit_log_capset() records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cap_pi (process inheritable) with the value of cap_effective instead of cap_inheritable. This silently corrupts audit data used for compliance and forensic analysis: an attacker who modifies inheritable capabilities to prepare for a privilege-escalating exec would have the change masked in the audit trail. The bug has been present since the original introduction of CAPSET audit records in 2008.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: e68b75a027bb94066576139ee33676264f867b87 , < 75bd76c9eb2de9afeca03dc5152ebca5fb8fc816 (git)
Affected: e68b75a027bb94066576139ee33676264f867b87 , < febb4bf373ac565d3fb8d1f429827bdd983be496 (git)
Affected: e68b75a027bb94066576139ee33676264f867b87 , < 95de7bb4bf535a9288549d401ebde83cdcbf2792 (git)
Affected: e68b75a027bb94066576139ee33676264f867b87 , < 151ee470edc3d7ed29fe72df678f8357d2ad8ced (git)
Affected: e68b75a027bb94066576139ee33676264f867b87 , < 0a065c51a225854768b772a0b733a44d77162582 (git)
Affected: e68b75a027bb94066576139ee33676264f867b87 , < e35f3550c5b4fab33103c18654c293cee9850b0a (git)
Affected: e68b75a027bb94066576139ee33676264f867b87 , < d782e4d200cd9036ef353eeb29525bfbfd13a14e (git)
Affected: e68b75a027bb94066576139ee33676264f867b87 , < e4a640475e43f406fdfd56d370b1f34b0cbbc18d (git)
Create a notification for this product.
Linux Linux Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 5.10.258 , ≤ 5.10.* (semver)
Unaffected: 5.15.209 , ≤ 5.15.* (semver)
Unaffected: 6.1.175 , ≤ 6.1.* (semver)
Unaffected: 6.6.141 , ≤ 6.6.* (semver)
Unaffected: 6.12.91 , ≤ 6.12.* (semver)
Unaffected: 6.18.33 , ≤ 6.18.* (semver)
Unaffected: 7.0.10 , ≤ 7.0.* (semver)
Unaffected: 7.1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/auditsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "75bd76c9eb2de9afeca03dc5152ebca5fb8fc816",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            },
            {
              "lessThan": "febb4bf373ac565d3fb8d1f429827bdd983be496",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            },
            {
              "lessThan": "95de7bb4bf535a9288549d401ebde83cdcbf2792",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            },
            {
              "lessThan": "151ee470edc3d7ed29fe72df678f8357d2ad8ced",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            },
            {
              "lessThan": "0a065c51a225854768b772a0b733a44d77162582",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            },
            {
              "lessThan": "e35f3550c5b4fab33103c18654c293cee9850b0a",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            },
            {
              "lessThan": "d782e4d200cd9036ef353eeb29525bfbfd13a14e",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            },
            {
              "lessThan": "e4a640475e43f406fdfd56d370b1f34b0cbbc18d",
              "status": "affected",
              "version": "e68b75a027bb94066576139ee33676264f867b87",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/auditsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.258",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.141",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.258",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.209",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.175",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.141",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.91",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.33",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.10",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: fix incorrect inheritable capability in CAPSET records\n\n__audit_log_capset() records the effective capability set into the\ninheritable field due to a copy-paste error. Every CAPSET audit\nrecord therefore reports cap_pi (process inheritable) with the value\nof cap_effective instead of cap_inheritable.\n\nThis silently corrupts audit data used for compliance and forensic\nanalysis: an attacker who modifies inheritable capabilities to\nprepare for a privilege-escalating exec would have the change masked\nin the audit trail.\n\nThe bug has been present since the original introduction of CAPSET\naudit records in 2008."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T19:40:47.946Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/75bd76c9eb2de9afeca03dc5152ebca5fb8fc816"
        },
        {
          "url": "https://git.kernel.org/stable/c/febb4bf373ac565d3fb8d1f429827bdd983be496"
        },
        {
          "url": "https://git.kernel.org/stable/c/95de7bb4bf535a9288549d401ebde83cdcbf2792"
        },
        {
          "url": "https://git.kernel.org/stable/c/151ee470edc3d7ed29fe72df678f8357d2ad8ced"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a065c51a225854768b772a0b733a44d77162582"
        },
        {
          "url": "https://git.kernel.org/stable/c/e35f3550c5b4fab33103c18654c293cee9850b0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d782e4d200cd9036ef353eeb29525bfbfd13a14e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4a640475e43f406fdfd56d370b1f34b0cbbc18d"
        }
      ],
      "title": "audit: fix incorrect inheritable capability in CAPSET records",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53287",
    "datePublished": "2026-06-26T19:40:47.946Z",
    "dateReserved": "2026-06-09T07:44:35.396Z",
    "dateUpdated": "2026-06-26T19:40:47.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53287",
      "date": "2026-07-09",
      "epss": "0.00122",
      "percentile": "0.02383"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53287\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-26T20:17:21.457\",\"lastModified\":\"2026-07-08T03:54:54.707\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\naudit: fix incorrect inheritable capability in CAPSET records\\n\\n__audit_log_capset() records the effective capability set into the\\ninheritable field due to a copy-paste error. Every CAPSET audit\\nrecord therefore reports cap_pi (process inheritable) with the value\\nof cap_effective instead of cap_inheritable.\\n\\nThis silently corrupts audit data used for compliance and forensic\\nanalysis: an attacker who modifies inheritable capabilities to\\nprepare for a privilege-escalating exec would have the change masked\\nin the audit trail.\\n\\nThe bug has been present since the original introduction of CAPSET\\naudit records in 2008.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"kernel/auditsc.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"75bd76c9eb2de9afeca03dc5152ebca5fb8fc816\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"febb4bf373ac565d3fb8d1f429827bdd983be496\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"95de7bb4bf535a9288549d401ebde83cdcbf2792\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"151ee470edc3d7ed29fe72df678f8357d2ad8ced\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"0a065c51a225854768b772a0b733a44d77162582\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"e35f3550c5b4fab33103c18654c293cee9850b0a\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"d782e4d200cd9036ef353eeb29525bfbfd13a14e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"e68b75a027bb94066576139ee33676264f867b87\",\"lessThan\":\"e4a640475e43f406fdfd56d370b1f34b0cbbc18d\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"kernel/auditsc.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"2.6.29\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"2.6.29\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.258\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.209\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.175\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.141\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.91\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.33\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.10\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.29\",\"versionEndExcluding\":\"5.10.258\",\"matchCriteriaId\":\"CE62A641-B2AF-4077-9B44-DCE56A381D1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.209\",\"matchCriteriaId\":\"919C10A9-7951-4A74-BADD-C135A0A8D8B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.175\",\"matchCriteriaId\":\"92385813-D91D-480D-83A1-F423D2CBB2BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.141\",\"matchCriteriaId\":\"97A9FFFA-22BB-4D5C-9790-5A2286E392F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.91\",\"matchCriteriaId\":\"C918746B-DE6F-448F-A93E-A04C5481688D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.33\",\"matchCriteriaId\":\"96D99E49-380D-43AB-BDBA-25C3AD018A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"7.0.10\",\"matchCriteriaId\":\"A13475D2-59BF-4716-94B5-7C1D239A2CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1EF7059-E670-45F4-B422-54C40FA86390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D38F0BF-A728-4133-A358-D44A2F7EE6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC732D08-5F7B-46D9-B154-E60C7F4F0A97\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0a065c51a225854768b772a0b733a44d77162582\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/151ee470edc3d7ed29fe72df678f8357d2ad8ced\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/75bd76c9eb2de9afeca03dc5152ebca5fb8fc816\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/95de7bb4bf535a9288549d401ebde83cdcbf2792\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d782e4d200cd9036ef353eeb29525bfbfd13a14e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e35f3550c5b4fab33103c18654c293cee9850b0a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e4a640475e43f406fdfd56d370b1f34b0cbbc18d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/febb4bf373ac565d3fb8d1f429827bdd983be496\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…