CVE-2026-46104

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> selinux: use sk blob accessor in socket permission helpers<br /> <br /> SELinux socket state lives in the composite LSM socket blob.<br /> <br /> sock_has_perm() and nlmsg_sock_has_extended_perms() currently<br /> dereference sk-&gt;sk_security directly, which assumes the SELinux socket<br /> blob is at offset zero.<br /> <br /> In stacked configurations that assumption does not hold. If another LSM<br /> allocates socket blob storage before SELinux, these helpers may read the<br /> wrong blob and feed invalid SID and class values into AVC checks.<br /> <br /> Use selinux_sock() instead of accessing sk-&gt;sk_security directly.