CVE-2025-38396
Description
In the Linux kernel, the following vulnerability has been resolved:

fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the current pattern of calling alloc_anon_inode() followed by inode_init_security_anon() for creating security context manually.

This change also fixes a security regression in secretmem where the S_PRIVATE flag was not cleared after alloc_anon_inode(), causing LSM/SELinux checks to be bypassed for secretmem file descriptors.

As guest_memfd currently resides in the KVM module, we need to export this symbol for use outside the core kernel. In the future, guest_memfd might be moved to core-mm, at which point the symbols no longer would have to be exported. When/if that happens is still unclear.
POC
Reference
No PoCs from references.