Impact
The Linux kernel audit subsystem previously logged the effective capability set into the inheritable field of every CAPSET record due to a copy‑paste error. As a result, any capability changes intended for privilege‑escalation attacks are masked in the audit trail, compromising forensic and compliance integrity.
Affected Systems
All Linux kernel implementations are affected because the defect resides in core audit code that has existed since 2008. The affected versions are not specifically enumerated in the public advisory, so any installation that has not yet applied the latest kernel patch that corrects the CAPSET audit log behavior remains vulnerable.
Risk and Exploitability
The flaw does not grant direct privilege escalation or denial‑of‑service; rather, it permits a local attacker who can manipulate process capabilities to hide those changes from audit logs. The likely attack vector is inferred to be local only, requiring the attacker to have some ability to adjust capabilities, typically demanding elevated privileges. The CVSS score of 5.5 and an EPSS score of less than 1% indicate moderate severity and low exploitation probability. The vulnerability is not listed in the CISA KEV catalog, but its impact on audit integrity justifies prompt remediation.
OpenCVE Enrichment
Debian DLA