You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
smack lsm
About this tag
The Smack LSM (Linux Security Module) is a mandatory access control mechanism for Linux. Discussions on WindowsForum.com cover CVE-2025-68733, a vulnerability in Smack's label import order that could allow unprivileged processes to create new Smack labels under specific configurations. The fix reorders checks so label validation against the relabel-self whitelist occurs before label import, closing an elevation-of-capability window. This content is relevant for enterprise IT and security professionals managing Linux systems with Smack enabled, particularly those using unprivileged relabeling features.
A logic ordering bug in the Smack Linux Security Module (LSM) has been assigned CVE-2025-68733 after maintainers corrected a code path that allowed unprivileged processes — under specific Smack configurations — to create new Smack labels by writing names into their own process attribute files...