Bug 2297522 (CVE-2024-40938)

Summary:	CVE-2024-40938 kernel: landlock: Fix d_parent walk
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	dfreiber, drow, jburrell, vkumar
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc2	Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Linux kernel's Landlock security module. This issue could trigger a `WARN_ON_ONCE()` when trying to link a root mount point, as the VFS check was incorrectly done after `security_path_link()`. This issue was resolved by fixing the `d_parent` walk in `collect_domain_accesses()`.	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2024-07-12 13:36:18 UTC

In the Linux kernel, the following vulnerability has been resolved:

landlock: Fix d_parent walk

The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when
trying to link a root mount point.  This cannot work in practice because
this directory is mounted, but the VFS check is done after the call to
security_path_link().

Do not use source directory's d_parent when the source directory is the
mount point.

[mic: Fix commit message]