CVE-2026-53287

Public on 2026-06-26
Modified on 2026-07-03
Description
In the Linux kernel, the following vulnerability has been resolved:

audit: fix incorrect inheritable capability in CAPSET records

__audit_log_capset() records the effective capability set into the
inheritable field due to a copy-paste error. Every CAPSET audit
record therefore reports cap_pi (process inheritable) with the value
of cap_effective instead of cap_inheritable.

This silently corrupts audit data used for compliance and forensic
analysis: an attacker who modifies inheritable capabilities to
prepare for a privilege-escalating exec would have the change masked
in the audit trail.

The bug has been present since the original introduction of CAPSET
audit records in 2008.
Severity
Low severity
Low
See what this means
CVSS v3 Base Score
3.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core kernel Pending Fix
Amazon Linux 2 - Kernel-5.10 Extra kernel 2026-06-22 ALAS2KERNEL-5.10-2026-123 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2026-06-22 ALAS2KERNEL-5.15-2026-107 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel Pending Fix
Amazon Linux 2023 kernel 2026-06-22 ALAS2023-2026-1882 Fixed
Amazon Linux 2023 kernel6.12 2026-06-22 ALAS2023-2026-1894 Fixed
Amazon Linux 2023 kernel6.18 2026-06-22 ALAS2023-2026-1866 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N