-

CVE-2025-68733

EPSS 0.04%
Veröffentlicht 24.12.2025 10:33:15
Zuletzt bearbeitet 19.01.2026 13:16:11
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

smack: fix bug: unprivileged task can create labels

If an unprivileged task is allowed to relabel itself
(/smack/relabel-self is not empty),
it can freely create new labels by writing their
names into own /proc/PID/attr/smack/current

This occurs because do_setattr() imports
the provided label in advance,
before checking "relabel-self" list.

This change ensures that the "relabel-self" list
is checked before importing the label.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c80173233014a360c13fa5cc79d36bfe6e53a8ed

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

Version < 6b1e45e13546c9ea0b1d99097993ac0aafae90b1

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

Version < 4a7a7621619a366712fb9cefcb6e69f956c247ce

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

Version < f8fd5491100f920847a3338d5fba22db19c72773

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

Version < ac9fce2efabad37c338aac86fbe100f77a080e59

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

Version < 64aa81250171b6bb6803e97ea7a5d73bfa061f6e

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

Version < 60e8d49989410a7ade60f5dadfcd979c117d05c0

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

Version < c147e13ea7fe9f118f8c9ba5e96cbd644b00d6b3

Version 38416e53936ecf896948fdeffc36b76979117952

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.4

Status affected

Version < 4.4

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.63

Status unaffected

Version <= 6.17.*

Version 6.17.13

Status unaffected

Version <= 6.18.*

Version 6.18.2

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/ac9fce2efabad37c338aac86fbe100f77a080e59

https://git.kernel.org/stable/c/64aa81250171b6bb6803e97ea7a5d73bfa061f6e

https://git.kernel.org/stable/c/60e8d49989410a7ade60f5dadfcd979c117d05c0

https://git.kernel.org/stable/c/c147e13ea7fe9f118f8c9ba5e96cbd644b00d6b3

https://git.kernel.org/stable/c/4a7a7621619a366712fb9cefcb6e69f956c247ce

https://git.kernel.org/stable/c/f8fd5491100f920847a3338d5fba22db19c72773

https://git.kernel.org/stable/c/6b1e45e13546c9ea0b1d99097993ac0aafae90b1

https://git.kernel.org/stable/c/c80173233014a360c13fa5cc79d36bfe6e53a8ed

https://nvd.nist.gov/vuln/detail/CVE-2025-68733

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68733

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68733

EUVD