Linux Kernel Anonymous Inode Security Context Vulnerability in Secretmem

Vulnerability

A vulnerability in the Linux kernel's handling of anonymous inodes has been addressed. The issue arose in the secret memory (secretmem) feature, where the S_PRIVATE flag was not properly cleared, allowing Linux Security Module (LSM) and SELinux checks to be bypassed for secretmem file descriptors. This vulnerability has been resolved by exporting the anon_inode_make_secure_inode() function to enable KVM guest memory file descriptors to create anonymous inodes with the correct security context. The change replaces the previous method of manually setting the security context, thereby restoring proper LSM/SELinux enforcement for secretmem file descriptors.

Impact

The vulnerability could lead to a bypass of LSM/SELinux checks, allowing unauthorized access or manipulation of secretmem file descriptors.

Added: Jul 25, 2025, 1:41 PM

Updated: Jul 25, 2025, 6:12 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Anonymous Inode Security Context Vulnerability in Secretmem

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating