| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025012147-CVE-2024-57931-06fb@gregkh> Date: Tue, 21 Jan 2025 13:01:45 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-57931: selinux: ignore unknown extended permissions Description =========== In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. The Linux kernel CVE team has assigned CVE-2024-57931 to this issue. Affected and fixed versions =========================== Issue introduced in 4.3 with commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a and fixed in 5.4.289 with commit f45a77dd24ae9ddb474303ec3975c376bd99fc51 Issue introduced in 4.3 with commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a and fixed in 5.10.233 with commit 712137b177b45f255ce5687e679d950fcb218256 Issue introduced in 4.3 with commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a and fixed in 5.15.176 with commit f70e4b9ec69d9a74b84c17767a9a4eda8c901021 Issue introduced in 4.3 with commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a and fixed in 6.1.124 with commit c79324d42fa48372e0acb306a2761cc642bd4db0 Issue introduced in 4.3 with commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a and fixed in 6.6.70 with commit c1dbd28a079553de0023e1c938c713efeeee400f Issue introduced in 4.3 with commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a and fixed in 6.12.9 with commit efefe36c03a73bb81c0720ce397659a5051b73fa Issue introduced in 4.3 with commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a and fixed in 6.13 with commit 900f83cf376bdaf798b6f5dcb2eae0c822e908b6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-57931 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: security/selinux/ss/services.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f45a77dd24ae9ddb474303ec3975c376bd99fc51 https://git.kernel.org/stable/c/712137b177b45f255ce5687e679d950fcb218256 https://git.kernel.org/stable/c/f70e4b9ec69d9a74b84c17767a9a4eda8c901021 https://git.kernel.org/stable/c/c79324d42fa48372e0acb306a2761cc642bd4db0 https://git.kernel.org/stable/c/c1dbd28a079553de0023e1c938c713efeeee400f https://git.kernel.org/stable/c/efefe36c03a73bb81c0720ce397659a5051b73fa https://git.kernel.org/stable/c/900f83cf376bdaf798b6f5dcb2eae0c822e908b6
Powered by blists - more mailing lists