mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-28 21:33:52 +00:00
Code Issues Releases Wiki Activity
linux-stable/security
History
Tetsuo Handa aa88387bb8 smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 
[ Upstream commit 0934ad42bb ]

syzbot is reporting UAF at cipso_v4_doi_search() [1], for smk_cipso_doi()
is calling kfree() without removing from the cipso_v4_doi_list list after
netlbl_cfg_cipsov4_map_add() returned an error. We need to use
netlbl_cfg_cipsov4_del() in order to remove from the list and wait for
RCU grace period before kfree().

Link: https://syzkaller.appspot.com/bug?extid=93dba5b91f0fed312cbd [1]
Reported-by: syzbot <syzbot+93dba5b91f0fed312cbd@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 6c2e8ac095 ("netlabel: Update kernel configuration API")
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-26 11:40:31 +01:00
..
apparmor apparmor: remove duplicate macro list_entry_is_head() 2021-09-26 13:37:28 +02:00
integrity evm: mark evm_fixmode as __ro_after_init 2021-11-26 11:40:23 +01:00
keys KEYS: trusted: Fix migratable=1 failing 2021-03-03 18:22:52 +01:00
loadpin
selinux binder: use cred instead of task for selinux checks 2021-11-26 11:40:20 +01:00
smack smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 2021-11-26 11:40:31 +01:00
tomoyo License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
yama Yama: Check for pid death before checking ancestry 2019-01-23 08:09:48 +01:00
commoncap.c security: commoncap: fix -Wstringop-overread warning 2021-05-22 10:57:21 +02:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:35:40 +02:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:25:34 +02:00
Kconfig /dev/mem: Add bounce buffer for copy-out 2018-03-24 11:01:24 +01:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-23 15:48:43 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c binder: use cred instead of task for selinux checks 2021-11-26 11:40:20 +01:00