CVE-2025-68733
Privilege Escalation via Label Creation Bug in Linux Smack
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's Smack security module allows an unprivileged task to create new security labels if the /smack/relabel-self list is not empty. The issue arises because the kernel imports the provided label before verifying if the task is allowed to relabel itself, enabling unauthorized creation of labels by writing to /proc/PID/attr/smack/current. The fix ensures the relabel-self list is checked before importing the label.
How can this vulnerability impact me? :
This vulnerability can allow unprivileged tasks to create arbitrary security labels, potentially leading to unauthorized access or privilege escalation within the system. This undermines the integrity of the Smack security policy enforcement, possibly allowing attackers to bypass security restrictions.