Linux Kernel SELinux Context Conversion Vulnerability Allows Sleeping in Invalid Context

A vulnerability in the Linux kernel's SELinux context conversion process can lead to issues by allowing sleeping functions to be called in invalid contexts. This problem arises in the 'convert_context' function, which is part of the SELinux SID table management. The vulnerability affects Linux kernel versions prior to 5.10.0. The issue was triggered while converting SID table entries, leading to a warning that a sleeping function was called from an invalid context, with the process attempting to allocate memory in a way that could disrupt kernel operations.

Impact

The vulnerability can cause a kernel panic by disrupting the normal execution flow, particularly in contexts where sleeping is not permitted, such as within certain critical sections of the kernel.

Reproduction

The vulnerability can be reproduced by invoking the 'tar' command in an environment where SELinux is enforcing. This triggers the SELinux context conversion process, which improperly handles memory allocation, leading to the violation of context rules.

Remediation

Users can upgrade to Linux kernel versions 5.10.0 or later, where this vulnerability has been addressed.