| The vulnerability, tracked as CVE-2021-47336, affects the Linux kernel's Smack File System (smackfs). Specifically, it is related to the `smk_set_cipso()` function, which sets the Common IP Security Option (CIPSO) labels for a file. The issue arises from an incomplete fix in commit 7ef4c19d245f3dc2, which restricted byte counts in smackfs write functions but missed applying the count > SMK_CIPSOMAX check to only the format == SMK_FIXED24_FMT case. |
| |
| This oversight allows for potential exploitation, although the exact nature of the vulnerability is not explicitly stated. The Linux kernel CVE team has assigned a severity rating to this issue, indicating its potential impact on system security and stability. |
| |
| The affected files are limited to `security/smack/smackfs.c`, and fixes have been applied to various kernel versions, including 4.9.276, 4.14.240, 4.19.198, 5.4.133, 5.10.51, 5.12.18, 5.13.3, and 5.14. The Linux kernel CVE team recommends updating to the latest stable kernel version to address this issue, as individual changes are not tested or supported in isolation. |
| |
