ACK: [SRU][F/J][PATCH 0/1] CVE-2024-35904
Guoqing Jiang
guoqing.jiang at canonical.com
Tue Oct 22 02:23:05 UTC 2024
Acked-by: Guoqing Jiang <guoqing.jiang at canonical.com>
On 10/21/24 16:54, Massimiliano Pellizzer wrote:
> [Impact]
>
> selinux: avoid dereference of garbage after mount failure
>
> In case kern_mount() fails and returns an error pointer return in the
> error branch instead of continuing and dereferencing the error pointer.
>
> While on it drop the never read static variable selinuxfs_mount.
>
> [Fix]
>
> Noble: Fixed
> Jammy: Cherry picked from linux-6.6.y
> Focal: Backported from linux-6.6.y
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested enabling SELinux.
>
> [Where problems could occur]
>
> The fix affects the SELinux filesystem. An issue with this fix may lead
> to kernel crashes during SELinux policy enforcement or when interacting
> with the SELinux filesystem. Users may also experience failed attempts
> to load or apply SELinux policies, resulting in security contexts not
> being enforced properly.
>
> Christian Göttsche (1):
> selinux: avoid dereference of garbage after mount failure
>
> security/selinux/selinuxfs.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
More information about the kernel-team
mailing list