(Resending with correct ML address...)
Hello,
This flaw has already been announced and described here:
https://www.openwall.com/lists/oss-security/2020/04/30/5
This is just a note to let you know that it has been assigned a
CVE-2020-10751 upon request from Red Hat.
The flaw is fixed by the following upstream commit:
commit fb73974172ffaaf57a7c42f35424d9aece1a5af6
Author: Paul Moore <paul () paul-moore com>
Date: Tue Apr 28 09:59:02 2020 -0400
selinux: properly handle multiple messages in selinux_netlink_send()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6
The flaw dates back at least to Linux-2.6.12-rc2, so likely all
versions of Linux currently in use are affected.
RH tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1839634
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel,
Red Hat, Inc.