linux/security
Stefan Berger dd431c3ac1 ima: Fix use-after-free on a dentry's dname.name
commit be84f32bb2 upstream.

->d_name.name can change on rename and the earlier value can be freed;
there are conditions sufficient to stabilize it (->d_lock on dentry,
->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
rename_lock), but none of those are met at any of the sites. Take a stable
snapshot of the name instead.

Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-06-21 14:38:48 +02:00
..
apparmor apparmor: avoid crash when parsed profile name is empty 2024-01-25 15:35:54 -08:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity ima: Fix use-after-free on a dentry's dname.name 2024-06-21 14:38:48 +02:00
keys KEYS: trusted: Do not use WARN when encode fails 2024-05-25 16:22:55 +02:00
landlock landlock: Fix d_parent walk 2024-06-21 14:38:24 +02:00
loadpin LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by 2023-08-25 16:07:30 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid SafeSetID: fix UID printed instead of GID 2023-06-20 20:26:00 -04:00
selinux selinux: avoid dereference of garbage after mount failure 2024-04-10 16:35:48 +02:00
smack smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() 2024-04-03 15:28:16 +02:00
tomoyo tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-06 14:48:39 +00:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
commoncap.c lsm: constify the 'target' parameter in security_capget() 2023-08-08 16:48:47 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to ctime accessor functions 2023-07-24 10:30:08 +02:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lsm: fix the logic in security_inode_getsecctx() 2024-02-23 09:25:02 +01:00