Commit "IMA: policy can now be updated multiple times" assumed that the policy would be updated at least once.
If there are zero updates, the temporary list head object will get added to the policy list, and later dereferenced as an IMA policy object, which means that invalid memory will be accessed. Signed-off-by: Sasha Levin <sasha.le...@oracle.com> --- security/integrity/ima/ima_policy.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index ba5d2fc..9b958b8 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -431,6 +431,9 @@ void ima_update_policy(void) { struct list_head *first, *last, *policy; + if (list_empty(&ima_temp_rules)) + return; + /* append current policy with the new rules */ first = (&ima_temp_rules)->next; last = (&ima_temp_rules)->prev; -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html