Re: Review request for LIN1019-4731/LIN1018-6238 Security Advisory - linux - CVE-2020-10751

On Wed, Jun 03, 2020 at 10:57:00AM +0300, Ovidiu Panait wrote:
> Summary: Security Advisory - linux - CVE-2020-10751
> Tech Review: Xiao
> Gatekeeper: Yue Tao
> Lockdown Approval (if needed):
> Branch Tag: LTS19, LTS18
> 
> IP Statement (form link or license statement, usually automated):
> Crypto URL(s) (if needed): see http://wiki.wrs.com/PBUeng/LinuxProductDivisionExportProcess
> Parent Template (where applicable):
> 
> 
> -------------------------------------
> Impacted area             Impact y/n
> -------------------       -----------
> docs/tech-pubs                 n
> tests                          n
> build system                   n
> host dependencies              n
> RPM/packaging                  n
> toolchain                      n
> kernel code                    y
> user code                      n
> configuration files            n
> target configuration           n
> Other                          n
> Applicable to Yocto/upstream   n
> New Kernel Warnings            n
> 
> 
> Comments (indicate scope for each "y" above):
> ---------------------------------------------
> From 11d31c9c777c235630d9a72bf316f48c5036e609 Mon Sep 17 00:00:00 2001
> From: Paul Moore <paul@xxxxxxxxxxxxxx>
> Date: Tue, 28 Apr 2020 09:59:02 -0400
> Subject: [PATCH] selinux: properly handle multiple messages in
>  selinux_netlink_send()
> 
> commit fb73974172ffaaf57a7c42f35424d9aece1a5af6 upstream.
> 
> Fix the SELinux netlink_send hook to properly handle multiple netlink
> messages in a single sk_buff; each message is parsed and subject to
> SELinux access control.  Prior to this patch, SELinux only inspected
> the first message in the sk_buff.
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> [OP: backport of eeef0d9fd40 from branch linux-5.4.y of linux-stable]
> Signed-off-by: Ovidiu Panait <ovidiu.panait@xxxxxxxxxxxxx>
> 
> Added Files:
> ------------
> No.
> 
> Removed Files:
> --------------
> No.
> 
> Remaining Changes (diffstat):
> -----------------------------
>  security/selinux/hooks.c | 70 ++++++++++++++++++++++++++--------------
>  1 file changed, 45 insertions(+), 25 deletions(-)
> 
> Testing Applicable to:
> ----------------------
> intel-x86-64
> 
> Testing Commands:
> -----------------
> CONFIG_SECURITY_SELINUX=y
> bitbake virtual/kernel
> 
> Testing, Expected Results:
> --------------------------
> Build OK. No build err/warning caused by this modification.
> 
> Conditions of submission:
> -------------------------
> Build OK. No build err/warning caused by this modification.
> Boot in qemu OK.
> 
> Arch    built      boot     boardname
> -------------------------------------
> MIPS      n         n
> MIPS64    n         n
> MIPS64n32 n         n
> ARM32     n         n
> ARM64     n         n
> x86       n         n
> x86_64    y         n       intel-x86-64
> PPC       n         n
> PPC64     n         n
> SPARC64   n         n

What is this message for?  What are we supposed to do with it?

confused,

greg k-h


