CVE-2025-68733
Published Dec 24, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc/PID/attr/smack/current This occurs because do_setattr() imports the provided label in advance, before checking "relabel-self" list. This change ensures that the "relabel-self" list is checked before importing the label.
Is your site exposed to CVE-2025-68733?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/4a7a7621619a366712fb9cefcb6e69f956c247ce
https://git.kernel.org/stable/c/60e8d49989410a7ade60f5dadfcd979c117d05c0
https://git.kernel.org/stable/c/64aa81250171b6bb6803e97ea7a5d73bfa061f6e
https://git.kernel.org/stable/c/6b1e45e13546c9ea0b1d99097993ac0aafae90b1
https://git.kernel.org/stable/c/ac9fce2efabad37c338aac86fbe100f77a080e59
https://git.kernel.org/stable/c/c147e13ea7fe9f118f8c9ba5e96cbd644b00d6b3
https://git.kernel.org/stable/c/c80173233014a360c13fa5cc79d36bfe6e53a8ed
https://git.kernel.org/stable/c/f8fd5491100f920847a3338d5fba22db19c72773
Frequently Asked Questions
What is CVE-2025-68733? +
In the Linux kernel, the following vulnerability has been resolved:
smack: fix bug: unprivileged task can create labels
If an unprivileged task is allowed to relabel itself
(/smack/relabel-self is not empty),
it can freely create new labels by writing their
names into own /proc/PID/attr/smack/current
This occurs because do_setattr() imports
the provided label in advance,
before checking "relabel-self" list.
This change ensures that the "relabel-self" list
is checked before importing the label.
How do I check if I'm vulnerable to CVE-2025-68733? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.