CVE-2025-68733 – smack: fix bug: unprivileged task can create labels

CVE ID : CVE-2025-68733

Published : Dec. 24, 2025, 11:16 a.m. | 1 hour, 5 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

smack: fix bug: unprivileged task can create labels

If an unprivileged task is allowed to relabel itself
(/smack/relabel-self is not empty),
it can freely create new labels by writing their
names into own /proc/PID/attr/smack/current

This occurs because do_setattr() imports
the provided label in advance,
before checking “relabel-self” list.

This change ensures that the “relabel-self” list
is checked before importing the label.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…