{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68733","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.028Z","datePublished":"2025-12-24T10:33:15.347Z","dateUpdated":"2026-05-11T21:52:17.465Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:17.465Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: fix bug: unprivileged task can create labels\n\nIf an unprivileged task is allowed to relabel itself\n(/smack/relabel-self is not empty),\nit can freely create new labels by writing their\nnames into own /proc/PID/attr/smack/current\n\nThis occurs because do_setattr() imports\nthe provided label in advance,\nbefore checking \"relabel-self\" list.\n\nThis change ensures that the \"relabel-self\" list\nis checked before importing the label."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["security/smack/smack_lsm.c"],"versions":[{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"c80173233014a360c13fa5cc79d36bfe6e53a8ed","status":"affected","versionType":"git"},{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"6b1e45e13546c9ea0b1d99097993ac0aafae90b1","status":"affected","versionType":"git"},{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"4a7a7621619a366712fb9cefcb6e69f956c247ce","status":"affected","versionType":"git"},{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"f8fd5491100f920847a3338d5fba22db19c72773","status":"affected","versionType":"git"},{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"ac9fce2efabad37c338aac86fbe100f77a080e59","status":"affected","versionType":"git"},{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"64aa81250171b6bb6803e97ea7a5d73bfa061f6e","status":"affected","versionType":"git"},{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"60e8d49989410a7ade60f5dadfcd979c117d05c0","status":"affected","versionType":"git"},{"version":"38416e53936ecf896948fdeffc36b76979117952","lessThan":"c147e13ea7fe9f118f8c9ba5e96cbd644b00d6b3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["security/smack/smack_lsm.c"],"versions":[{"version":"4.4","status":"affected"},{"version":"0","lessThan":"4.4","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c80173233014a360c13fa5cc79d36bfe6e53a8ed"},{"url":"https://git.kernel.org/stable/c/6b1e45e13546c9ea0b1d99097993ac0aafae90b1"},{"url":"https://git.kernel.org/stable/c/4a7a7621619a366712fb9cefcb6e69f956c247ce"},{"url":"https://git.kernel.org/stable/c/f8fd5491100f920847a3338d5fba22db19c72773"},{"url":"https://git.kernel.org/stable/c/ac9fce2efabad37c338aac86fbe100f77a080e59"},{"url":"https://git.kernel.org/stable/c/64aa81250171b6bb6803e97ea7a5d73bfa061f6e"},{"url":"https://git.kernel.org/stable/c/60e8d49989410a7ade60f5dadfcd979c117d05c0"},{"url":"https://git.kernel.org/stable/c/c147e13ea7fe9f118f8c9ba5e96cbd644b00d6b3"}],"title":"smack: fix bug: unprivileged task can create labels","x_generator":{"engine":"bippy-1.2.0"}}}}