CVE-2024-42318: landlock: Don't lose track of restrictions on cred_transfer

First published: Sat Aug 17 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost. This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself. Fix it by adding a cred_transfer hook that does the same thing as the existing cred_prepare hook. (Implemented by having hook_cred_prepare() call hook_cred_transfer() so that the two functions are less likely to accidentally diverge in the future.)

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/severity
• agent/title
• agent/first-publish-date
• agent/type
• collector/oss-sec
• source/oss-sec
• alias/CVE-2024-42318
• collector/nvd-api
• source/NVD
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• collector/usn-cve
• source/Ubuntu
• collector/nvd-cve
• collector/security-tracker-debian
• source/Debian
• agent/software-canonical-lookup
• agent/references
• agent/author
• agent/softwarecombine
• agent/tags
• agent/description
• agent/event
• package-manager/debian