APPLIED: [SRU][F/J][PATCH 0/1] CVE-2024-35904
Stefan Bader
stefan.bader at canonical.com
Fri Oct 25 13:53:14 UTC 2024
On 21.10.24 10:54, Massimiliano Pellizzer wrote:
> [Impact]
>
> selinux: avoid dereference of garbage after mount failure
>
> In case kern_mount() fails and returns an error pointer return in the
> error branch instead of continuing and dereferencing the error pointer.
>
> While on it drop the never read static variable selinuxfs_mount.
>
> [Fix]
>
> Noble: Fixed
> Jammy: Cherry picked from linux-6.6.y
> Focal: Backported from linux-6.6.y
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested enabling SELinux.
>
> [Where problems could occur]
>
> The fix affects the SELinux filesystem. An issue with this fix may lead
> to kernel crashes during SELinux policy enforcement or when interacting
> with the SELinux filesystem. Users may also experience failed attempts
> to load or apply SELinux policies, resulting in security contexts not
> being enforced properly.
>
> Christian Göttsche (1):
> selinux: avoid dereference of garbage after mount failure
>
> security/selinux/selinuxfs.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
Applied to jammy,focal:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241025/6effea0a/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241025/6effea0a/attachment-0001.sig>
More information about the kernel-team
mailing list