VYPR
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2025-68733

CVE-2025-68733

Description

In the Linux kernel, the following vulnerability has been resolved:

smack: fix bug: unprivileged task can create labels

If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc/PID/attr/smack/current

This occurs because do_setattr() imports the provided label in advance, before checking "relabel-self" list.

This change ensures that the "relabel-self" list is checked before importing the label.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

38

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.