Review request for LIN1019-4731/LIN1018-6238 Security Advisory - linux - CVE-2020-10751

Summary: Security Advisory - linux - CVE-2020-10751
Tech Review: Xiao
Gatekeeper: Yue Tao
Lockdown Approval (if needed):
Branch Tag: LTS19, LTS18

IP Statement (form link or license statement, usually automated):
Crypto URL(s) (if needed): see http://wiki.wrs.com/PBUeng/LinuxProductDivisionExportProcess
Parent Template (where applicable):


-------------------------------------
Impacted area             Impact y/n
-------------------       -----------
docs/tech-pubs                 n
tests                          n
build system                   n
host dependencies              n
RPM/packaging                  n
toolchain                      n
kernel code                    y
user code                      n
configuration files            n
target configuration           n
Other                          n
Applicable to Yocto/upstream   n
New Kernel Warnings            n


Comments (indicate scope for each "y" above):
---------------------------------------------
From 11d31c9c777c235630d9a72bf316f48c5036e609 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@xxxxxxxxxxxxxx>
Date: Tue, 28 Apr 2020 09:59:02 -0400
Subject: [PATCH] selinux: properly handle multiple messages in
 selinux_netlink_send()

commit fb73974172ffaaf57a7c42f35424d9aece1a5af6 upstream.

Fix the SELinux netlink_send hook to properly handle multiple netlink
messages in a single sk_buff; each message is parsed and subject to
SELinux access control.  Prior to this patch, SELinux only inspected
the first message in the sk_buff.

Cc: stable@xxxxxxxxxxxxxxx
Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
[OP: backport of eeef0d9fd40 from branch linux-5.4.y of linux-stable]
Signed-off-by: Ovidiu Panait <ovidiu.panait@xxxxxxxxxxxxx>

Added Files:
------------
No.

Removed Files:
--------------
No.

Remaining Changes (diffstat):
-----------------------------
 security/selinux/hooks.c | 70 ++++++++++++++++++++++++++--------------
 1 file changed, 45 insertions(+), 25 deletions(-)

Testing Applicable to:
----------------------
intel-x86-64

Testing Commands:
-----------------
CONFIG_SECURITY_SELINUX=y
bitbake virtual/kernel

Testing, Expected Results:
--------------------------
Build OK. No build err/warning caused by this modification.

Conditions of submission:
-------------------------
Build OK. No build err/warning caused by this modification.
Boot in qemu OK.

Arch    built      boot     boardname
-------------------------------------
MIPS      n         n
MIPS64    n         n
MIPS64n32 n         n
ARM32     n         n
ARM64     n         n
x86       n         n
x86_64    y         n       intel-x86-64
PPC       n         n
PPC64     n         n
SPARC64   n         n
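
The commit message quoted above describes a hook that inspected only the first netlink message in a buffer. The following userspace sketch is an added example, not code from the patch or from the kernel: `struct nl_hdr`, `type_allowed()` and the sample buffer are assumptions made for illustration, and the choice to reject malformed buffers is this example's, not something the page states about the patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the 16-byte netlink message header, so no kernel headers are needed. */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define NL_ALIGN(n) (((n) + 3u) & ~3u)   /* messages are 4-byte aligned */

/* Hypothetical policy for this example: only message type 1 is permitted. */
static int type_allowed(uint16_t type) { return type == 1; }

/* Behaviour described as "prior to this patch": only the first message is checked. */
int check_first_only(const uint8_t *buf, size_t len)
{
    struct nl_hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    return type_allowed(h.type) ? 0 : -1;
}

/* Behaviour described as the fix: every message in the buffer is parsed and checked. */
int check_all(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        struct nl_hdr h;
        size_t rem = len - off;
        if (rem < sizeof h) return -1;                  /* truncated header */
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || h.len > rem) return -1; /* bad length field */
        if (!type_allowed(h.type)) return -1;           /* policy denial */
        off += NL_ALIGN(h.len) > rem ? rem : NL_ALIGN(h.len);
    }
    return 0;
}

/* Constructed sample: two header-only messages with types t1 and t2. */
size_t build_sample(uint8_t *buf, uint16_t t1, uint16_t t2)
{
    struct nl_hdr a = { sizeof a, t1, 0, 1, 0 }, b = { sizeof b, t2, 0, 2, 0 };
    memcpy(buf, &a, sizeof a);
    memcpy(buf + sizeof a, &b, sizeof b);
    return 2 * sizeof a;
}

int main(void) {
    uint8_t buf[32]; size_t n = build_sample(buf, 1, 2);
    printf("first-only: %d, all: %d\n", check_first_only(buf, n), check_all(buf, n));
    return 0; }
```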




