Matthew Sheets

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.7 **Description** A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the `ebitmap netlbl import` routine. The issue arises when processing the CIPSO restricted bitmap tag in the `cipso v4 parsetag rbm` routine, which sets the security attribute to indicate the presence of a category bitmap even if it has not been allocated. This leads to a NULL pointer dereference issue, allowing a remote network user to crash the system kernel and resulting in a denial of service. **Recommendations** For Linux kernel versions prior to 5.7, update to version 5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SELinux subsystem to minimize the risk of exploitation. Avoid using the `ebitmap netlbl import` routine and the `cipso v4 parsetag rbm` routine until the issue is resolved.