[PATCH 02/11] hornet: invert map set check logic
Fan Wu
wufan at kernel.org
Sat May 30 00:57:12 UTC 2026
On Wed, May 27, 2026 at 8:09 PM Blaise Boscaccy
<bboscaccy at linux.microsoft.com> wrote:
>
> In a multi-map hash verification scenario, a logic bug may have
> allowed an attacker to provide duplicate maps to satisfy the hash
> check count. Instead, invert the logic to verify each map discretely
>
> Signed-off-by: Blaise Boscaccy <bboscaccy at linux.microsoft.com>
> ---
I just realized there is no audit event if hornet_check_prog_maps()
fails, probably should add one.
-Fan
More information about the Linux-security-module-archive
mailing list