CVE-2021-46971

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> perf/core: Fix unconditional security_locked_down() call<br /> <br /> Currently, the lockdown state is queried unconditionally, even though<br /> its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in<br /> attr.sample_type. While that doesn&amp;#39;t matter in case of the Lockdown LSM,<br /> it causes trouble with the SELinux&amp;#39;s lockdown hook implementation.<br /> <br /> SELinux implements the locked_down hook with a check whether the current<br /> task&amp;#39;s type has the corresponding "lockdown" class permission<br /> ("integrity" or "confidentiality") allowed in the policy. This means<br /> that calling the hook when the access control decision would be ignored<br /> generates a bogus permission check and audit record.<br /> <br /> Fix this by checking sample_type first and only calling the hook when<br /> its result would be honored.