[SRU][F/J][PATCH 0/1] CVE-2024-35904
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Mon Oct 21 08:54:11 UTC 2024
[Impact]
selinux: avoid dereference of garbage after mount failure
In case kern_mount() fails and returns an error pointer return in the
error branch instead of continuing and dereferencing the error pointer.
While on it drop the never read static variable selinuxfs_mount.
[Fix]
Noble: Fixed
Jammy: Cherry picked from linux-6.6.y
Focal: Backported from linux-6.6.y
Bionic: Not affected
Xenial: Not affected
[Test Case]
Compile and boot tested enabling SELinux.
[Where problems could occur]
The fix affects the SELinux filesystem. An issue with this fix may lead
to kernel crashes during SELinux policy enforcement or when interacting
with the SELinux filesystem. Users may also experience failed attempts
to load or apply SELinux policies, resulting in security contexts not
being enforced properly.
Christian Göttsche (1):
selinux: avoid dereference of garbage after mount failure
security/selinux/selinuxfs.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--
2.43.0
More information about the kernel-team
mailing list