Description: NetLabel: null pointer dereference while receiving CIPSO packet with null category References: https://www.openwall.com/lists/oss-security/2020/05/12/2 https://lore.kernel.org/netdev/07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni@redhat.com/ Notes: carnil> Introduced in 4b8feff251da ("netlabel: fix the horribly broken carnil> catmap functions") in 3.17-rc1 and ceba1832b1b2 ("calipso: Set carnil> the calipso socket label to match the secattr.") in 4.8. We carnil> enabled furthermore CONFIG_NETLABEL only starting in 5.6.7-1. Bugs: upstream: released (5.7-rc6) [eead1c2ea2509fd754c6da893a94f0e69e83ebe4] 4.19-upstream-stable: released (4.19.124) [caf6c20c6421ca687751d27b96c8021c655e56e6] 4.9-upstream-stable: released (4.9.224) [9232577ef3e10775eefe7f2689cbf851c8b13d80] 3.16-upstream-stable: N/A "Vulnerability introduced later" sid: released (5.6.14-1) 4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/netlabel-cope-with-NULL-catmap.patch] 4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/netlabel-cope-with-NULL-catmap.patch] 3.16-jessie-security: N/A "Vulnerability introduced later"