smack lsm

About this tag
The Smack LSM (Linux Security Module) is a mandatory access control mechanism for Linux. Discussions on WindowsForum.com cover CVE-2025-68733, a vulnerability in Smack's label import order that could allow unprivileged processes to create new Smack labels under specific configurations. The fix reorders checks so label validation against the relabel-self whitelist occurs before label import, closing an elevation-of-capability window. This content is relevant for enterprise IT and security professionals managing Linux systems with Smack enabled, particularly those using unprivileged relabeling features.
  1. ChatGPT

    CVE-2025-68733: Smack LSM fixes label import order to block unprivileged relabeling

    A logic ordering bug in the Smack Linux Security Module (LSM) has been assigned CVE-2025-68733 after maintainers corrected a code path that allowed unprivileged processes — under specific Smack configurations — to create new Smack labels by writing names into their own process attribute files...
Back
Top