Summary: Security Advisory - linux - CVE-2020-10751
Tech Review: Xiao
Gatekeeper: Yue Tao
Lockdown Approval (if needed):
Branch Tag: LTS19, LTS18
IP Statement (form link or license statement, usually automated):
Crypto URL(s) (if needed): see http://wiki.wrs.com/PBUeng/LinuxProductDivisionExportProcess
Parent Template (where applicable):

-------------------------------------
Impacted area                 Impact y/n
-------------------           -----------
docs/tech-pubs                n
tests                         n
build system                  n
host dependencies             n
RPM/packaging                 n
toolchain                     n
kernel code                   y
user code                     n
configuration files           n
target configuration          n
Other                         n
Applicable to Yocto/upstream  n
New Kernel Warnings           n

Comments (indicate scope for each "y" above):
---------------------------------------------
From 11d31c9c777c235630d9a72bf316f48c5036e609 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@paul-moore.com>
Date: Tue, 28 Apr 2020 09:59:02 -0400
Subject: [PATCH] selinux: properly handle multiple messages in selinux_netlink_send()

commit fb73974172ffaaf57a7c42f35424d9aece1a5af6 upstream.
Fix the SELinux netlink_send hook to properly handle multiple netlink messages in a single sk_buff; each message is parsed and subject to SELinux access control. Prior to this patch, SELinux only inspected the first message in the sk_buff.

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[OP: backport of eeef0d9fd40 from branch linux-5.4.y of linux-stable]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>

Added Files:
------------
No.

Removed Files:
--------------
No.

Remaining Changes (diffstat):
-----------------------------
 security/selinux/hooks.c | 70 ++++++++++++++++++++++++++--------------
 1 file changed, 45 insertions(+), 25 deletions(-)

Testing Applicable to:
----------------------
intel-x86-64

Testing Commands:
-----------------
CONFIG_SECURITY_SELINUX=y bitbake virtual/kernel

Testing, Expected Results:
--------------------------
Build OK. No build err/warning caused by this modification.

Conditions of submission:
-------------------------
Build OK. No build err/warning caused by this modification. Boot in qemu OK.

Arch       built  boot  boardname
-------------------------------------
MIPS       n      n
MIPS64     n      n
MIPS64n32  n      n
ARM32      n      n
ARM64      n      n
x86        n      n
x86_64     y      n     intel-x86-64
PPC        n      n
PPC64      n      n
SPARC64    n      n
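
The difference the commit message describes, between checking only the first netlink message in a buffer and checking every one, shown as an added user-space example; it is not code from the patch or from the kernel. The `struct hdr` model, the one-type policy, the sample buffer and the choice to reject malformed lengths are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* User-space model of struct nlmsghdr (assumption: kernel field layout). */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)
/* Hypothetical policy for this example: only message type 1 is permitted. */
static int type_allowed(uint16_t type) { return type == 1; }

/* Pre-fix shape: only the first header in the buffer is inspected. */
int check_first_only(const uint8_t *buf, size_t len)
{
    struct hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    return type_allowed(h.type) ? 0 : -1;
}

/* Post-fix shape: every message is checked; bad lengths are rejected here. */
int check_all(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (len - off >= sizeof(struct hdr)) {
        struct hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || h.len > len - off) return -1;
        if (!type_allowed(h.type)) return -1;
        if (ALIGN4(h.len) > len - off) break;  /* unpadded final message */
        off += ALIGN4(h.len);
    }
    return 0;
}

/* Constructed sample: two messages of types t1 and t2, 4-byte payload each. */
size_t build_sample(uint8_t *buf, uint16_t t1, uint16_t t2)
{
    struct hdr h = { (uint32_t)sizeof(struct hdr) + 4, t1, 0, 0, 0 };
    memset(buf, 0, 2 * ALIGN4(h.len));
    memcpy(buf, &h, sizeof h);
    h.type = t2;
    memcpy(buf + ALIGN4(h.len), &h, sizeof h);
    return 2 * ALIGN4(h.len);
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_sample(buf, 1, 2);  /* permitted type, then denied type */
    printf("first-only: %d, all: %d\n", check_first_only(buf, n), check_all(buf, n));
}
```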