security_inode_follow_link: KASAN UAF localization report

David Maximiliano Hermitte davemadmaxxx at gmail.com
Mon Jun 8 05:31:25 UTC 2026


Hello,

I reproduced this issue locally in a QEMU/TCG VM and I can confirm a valid BEFORE signal.

Summary of the local evidence:

- Reproducer started: yes
- KASAN seen: yes
- use-after-free seen: yes
- target function seen: security_inode_follow_link
- target file seen: security/security.c
- Call Trace seen: yes
- RIP seen: yes
- BEFORE validation: true

At this point I am treating this as a localization report, not as a final patch submission.

The trace points to the security_inode_follow_link / link-follow path. I would prefer not to guess the final fix, since I do not yet have a validated AFTER patch for this issue.

I can provide the reproducer evidence and retest any proposed patch if helpful.

Thanks,
David


