auditsc: audit_krule mask accesses need bounds checking

Fixes an easy DoS and possible information disclosure.

This does nothing about the broken state of x32 auditing.

eparis: If the admin has enabled auditd and has specifically loaded
audit rules.  This bug has been around since before git.  Wow...

Signed-off-by: Andy Lutomirski <>
Signed-off-by: Eric Paris <>
Signed-off-by: Linus Torvalds <>
1 file changed