Homepage

Reliance on Untrusted Inputs in a Security Decision The advisory has been revoked - it doesn't affect any version of package kernel-rt-debug-modules-internal  (opens in a new tab)

Threat Intelligence

EPSS
0.05% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS9-KERNELRTDEBUGMODULESINTERNAL-9072662
  • published5 Mar 2025
  • disclosed26 Feb 2025
Report a new vulnerability Found a mistake?

Introduced: 26 Feb 2025

CVE-2022-49180  (opens in a new tab)
CWE-807  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:9.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-rt-debug-modules-internal package and not the kernel-rt-debug-modules-internal package as distributed by Centos.

In the Linux kernel, the following vulnerability has been resolved:

LSM: general protection fault in legacy_parse_param

The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data.

The SELinux hook incorrectly returns 1 on success. There was a time when this was correct, however the current expectation is that it return 0 on success. This is repaired.