Konstantin Andreev

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.29.4 **Description** The issue is related to the smack inet conn request() function in the Linux kernel's Smack implementation, which incorrectly labels packets in IPv4 connections. This can allow an unauthorized party to impact the confidentiality, integrity, and availability of protected information. The vulnerability manifests when a label 'foo' connects to a label 'bar' with tcp/ipv4, and 'foo' always gets 'foo' in returned ipv4 packets, instead of the expected 'bar' label. This can lead to 'bar' writing to 'foo' without authorization. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the incorrect labeling in Smack's tcp/ipv4 connections. As a temporary workaround, consider restricting access to the smack inet conn request() function until a patch is available.