vulnerability

Debian: CVE-2022-49180: linux -- security update

Severity
6
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published
Feb 27, 2025
Added
Feb 27, 2025
Modified
Feb 28, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

LSM: general protection fault in legacy_parse_param

The usual LSM hook "bail on fail" scheme doesn't work for cases where
a security module may return an error code indicating that it does not
recognize an input. In this particular case Smack sees a mount option
that it recognizes, and returns 0. A call to a BPF hook follows, which
returns -ENOPARAM, which confuses the caller because Smack has processed
its data.

The SELinux hook incorrectly returns 1 on success. There was a time
when this was correct, however the current expectation is that it
return 0 on success. This is repaired.

Solution

debian-upgrade-linux
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.