On Wed, Jun 03, 2020 at 10:57:00AM +0300, Ovidiu Panait wrote:
Summary: Security Advisory - linux - CVE-2020-10751
Tech Review: Xiao
Gatekeeper: Yue Tao
Lockdown Approval (if needed):
Branch Tag: LTS19, LTS18
IP Statement (form link or license statement, usually automated):
Crypto URL(s) (if needed): see http://wiki.wrs.com/PBUeng/LinuxProductDivisionExportProcess
Parent Template (where applicable):
Impacted area                  Impact y/n
docs/tech-pubs                 n
tests                          n
build system                   n
host dependencies              n
RPM/packaging                  n
toolchain                      n
kernel code                    y
user code                      n
configuration files            n
target configuration           n
Other                          n
Applicable to Yocto/upstream   n
New Kernel Warnings            n
Comments (indicate scope for each "y" above):
From 11d31c9c777c235630d9a72bf316f48c5036e609 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@paul-moore.com>
Date: Tue, 28 Apr 2020 09:59:02 -0400
Subject: [PATCH] selinux: properly handle multiple messages in selinux_netlink_send()
commit fb73974172ffaaf57a7c42f35424d9aece1a5af6 upstream.
Fix the SELinux netlink_send hook to properly handle multiple netlink messages in a single sk_buff; each message is parsed and subject to SELinux access control. Prior to this patch, SELinux only inspected the first message in the sk_buff.
Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[OP: backport of eeef0d9fd40 from branch linux-5.4.y of linux-stable]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Added Files:
No.
Removed Files:
No.
Remaining Changes (diffstat):
 security/selinux/hooks.c | 70 ++++++++++++++++++++++++++--------------
 1 file changed, 45 insertions(+), 25 deletions(-)
Testing Applicable to:
intel-x86-64
Testing Commands:
CONFIG_SECURITY_SELINUX=y bitbake virtual/kernel
Testing, Expected Results:
Build OK. No build err/warning caused by this modification.
Conditions of submission:
Build OK. No build err/warning caused by this modification. Boot in qemu OK.
Arch        built  boot  boardname
MIPS        n      n
MIPS64      n      n
MIPS64n32   n      n
ARM32       n      n
ARM64       n      n
x86         n      n
x86_64      y      n     intel-x86-64
PPC         n      n
PPC64       n      n
SPARC64     n      n
What is this message for? What are we supposed to do with it?
confused,
greg k-h
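
The difference the quoted commit message describes, between checking only the first netlink message in a buffer and checking every one, as an added example that is not part of this thread or of the kernel patch. It is a userspace model: `struct hdr` mirrors the field layout of `struct nlmsghdr`, and the `allowed()` policy, the helper names and the sample batch are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Same field layout as struct nlmsghdr; redefined so this builds anywhere. */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define ALIGN4(n) (((n) + 3u) & ~3u)   /* netlink messages are 4-byte aligned */
/* Hypothetical policy standing in for the SELinux permission lookup. */
static int allowed(uint16_t type) { return type == 1; }
/* Append one message (header + zeroed payload); returns the new offset. */
size_t put_msg(unsigned char *buf, size_t off, uint16_t type, uint32_t payload)
{
    struct hdr h = { (uint32_t)sizeof h + payload, type, 0, 0, 0 };
    memset(buf + off, 0, ALIGN4(h.len));
    memcpy(buf + off, &h, sizeof h);
    return off + ALIGN4(h.len);
}

/* Behaviour before the fix: only the first message is inspected. */
int check_first_only(const unsigned char *buf, size_t n)
{
    struct hdr h;
    if (n < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    return allowed(h.type) ? 0 : -1;
}

/* Per-message check: deny if any message is denied or malformed. */
int check_all(const unsigned char *buf, size_t n)
{
    size_t off = 0;
    while (n - off >= sizeof(struct hdr)) {
        struct hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || h.len > n - off) return -1;  /* bad length */
        if (!allowed(h.type)) return -1;
        size_t step = ALIGN4(h.len);
        off += step > n - off ? n - off : step;   /* last message may lack padding */
    }
    return (n && off == n) ? 0 : -1;   /* reject empty input or a trailing partial header */
}

int main(void)
{
    unsigned char buf[64];                 /* constructed sample batch */
    size_t n = put_msg(buf, 0, 1, 4);      /* permitted type first */
    n = put_msg(buf, n, 2, 0);             /* denied type second */
    printf("first-only: %d, all: %d\n", check_first_only(buf, n), check_all(buf, n));
    return 0;
}
```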