{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-71304", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-08T13:14:33.087Z", "datePublished": "2026-05-27T12:14:53.289Z", "dateUpdated": "2026-05-27T12:14:53.289Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:14:53.289Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: /smack/doi: accept previously used values\n\nWriting to /smack/doi a value that has ever been\nwritten there in the past disables networking for\nnon-ambient labels.\nE.g.\n\n # cat /smack/doi\n 3\n # netlabelctl -p cipso list\n Configured CIPSO mappings (1)\n DOI value : 3\n mapping type : PASS_THROUGH\n # netlabelctl -p map list\n Configured NetLabel domain mappings (3)\n domain: \"_\" (IPv4)\n protocol: UNLABELED\n domain: DEFAULT (IPv4)\n protocol: CIPSO, DOI = 3\n domain: DEFAULT (IPv6)\n protocol: UNLABELED\n\n # cat /smack/ambient\n _\n # cat /proc/$$/attr/smack/current\n _\n # ping -c1 10.1.95.12\n 64 bytes from 10.1.95.12: icmp_seq=1 ttl=64 time=0.964 ms\n # echo foo >/proc/$$/attr/smack/current\n # ping -c1 10.1.95.12\n 64 bytes from 10.1.95.12: icmp_seq=1 ttl=64 time=0.956 ms\n unknown option 86\n\n # echo 4 >/smack/doi\n # echo 3 >/smack/doi\n!> [ 214.050395] smk_cipso_doi:691 cipso add rc = -17\n # echo 3 >/smack/doi\n!> [ 249.402261] smk_cipso_doi:678 remove rc = -2\n!> [ 249.402261] smk_cipso_doi:691 cipso add rc = -17\n\n # ping -c1 10.1.95.12\n!!> ping: 10.1.95.12: Address family for hostname not supported\n\n # echo _ >/proc/$$/attr/smack/current\n # ping -c1 10.1.95.12\n 64 bytes from 10.1.95.12: icmp_seq=1 ttl=64 time=0.617 ms\n\nThis happens because Smack keeps decommissioned DOIs,\nfails to re-add them, and consequently refuses to add\nthe “default” domain map:\n\n # netlabelctl -p cipso list\n Configured CIPSO mappings (2)\n DOI value : 3\n mapping type : PASS_THROUGH\n DOI value : 4\n mapping type : PASS_THROUGH\n # netlabelctl -p map list\n Configured NetLabel domain mappings (2)\n domain: \"_\" (IPv4)\n protocol: UNLABELED\n!> (no ipv4 map for default domain here)\n domain: DEFAULT (IPv6)\n protocol: UNLABELED\n\nFix by clearing decommissioned DOI definitions and\nserializing concurrent DOI updates with a new lock.\n\nAlso:\n- allow /smack/doi to live unconfigured, since\n adding a map (netlbl_cfg_cipsov4_map_add) may fail.\n CIPSO_V4_DOI_UNKNOWN(0) indicates the unconfigured DOI\n- add new DOI before removing the old default map,\n so the old map remains if the add fails\n\n(2008-02-04, Casey Schaufler)" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "security/smack/smackfs.c" ], "versions": [ { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "eb718a3c8181ada679340db34cd61bce48e44749", "status": "affected", "versionType": "git" }, { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "6ec091c5c7eeabd249a7c46813cad1e9f555f859", "status": "affected", "versionType": "git" }, { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "199452f22d2f74b897fe826f81ec402b0a8461a0", "status": "affected", "versionType": "git" }, { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "1c7ee23dfcd18d80770d8f90f2ab5bb1b2bfd8a3", "status": "affected", "versionType": "git" }, { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "f8071500177f38cff38892bd85ac631cc6e010b2", "status": "affected", "versionType": "git" }, { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "5a247a84de0ba44edbbd6be851c8a6b2aa60ff85", "status": "affected", "versionType": "git" }, { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "8beebb8ad9a003f978e53b06237986588223e15e", "status": "affected", "versionType": "git" }, { "version": "e114e473771c848c3cfec05f0123e70f1cdbdc99", "lessThan": "33d589ed60ae433b483761987b85e0d24e54584e", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "security/smack/smackfs.c" ], "versions": [ { "version": "2.6.25", "status": "affected" }, { "version": "0", "lessThan": "2.6.25", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.252", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.202", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.165", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.128", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.18.14", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "5.10.252" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "5.15.202" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "6.1.165" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "6.6.128" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "6.12.75" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "6.18.14" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "6.19.4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.25", "versionEndExcluding": "7.0" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/eb718a3c8181ada679340db34cd61bce48e44749" }, { "url": "https://git.kernel.org/stable/c/6ec091c5c7eeabd249a7c46813cad1e9f555f859" }, { "url": "https://git.kernel.org/stable/c/199452f22d2f74b897fe826f81ec402b0a8461a0" }, { "url": "https://git.kernel.org/stable/c/1c7ee23dfcd18d80770d8f90f2ab5bb1b2bfd8a3" }, { "url": "https://git.kernel.org/stable/c/f8071500177f38cff38892bd85ac631cc6e010b2" }, { "url": "https://git.kernel.org/stable/c/5a247a84de0ba44edbbd6be851c8a6b2aa60ff85" }, { "url": "https://git.kernel.org/stable/c/8beebb8ad9a003f978e53b06237986588223e15e" }, { "url": "https://git.kernel.org/stable/c/33d589ed60ae433b483761987b85e0d24e54584e" } ], "title": "smack: /smack/doi: accept previously used values", "x_generator": { "engine": "bippy-1.2.0" } } } }