Fix false positive "seccomp filter pointer corruption" on 6.10.10+

The issue may also have been triggered on older kernels, but with negligible probability. Fixes #354
lkrg-org · Oct 19, 2024 · 3e6abdd · 3e6abdd
1 parent 3a24203
commit 3e6abdd
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,6 @@
 The following major changes have been made since 0.9.8:
 
- *) Support Linux 6.11+
+ *) Support Linux 6.11+ and stable 6.10.10+
  *) Support new longterm kernels 5.10.220+
  *) Support new CentOS Stream 9 kernel 5.14.0-470.el9 and beyond (to RHEL 9.5)
  *) Support CONFIG_JUMP_LABEL batch mode also on ARM64

diff --git a/src/modules/exploit_detection/p_exploit_detection.c b/src/modules/exploit_detection/p_exploit_detection.c
@@ -1414,7 +1414,8 @@ static int p_cmp_tasks(struct p_ed_process *p_orig, struct task_struct *p_curren
          p_ret++;
       }
 
-      P_CMP_PTR(p_orig->p_ed_task.p_sec.sec.filter, p_current->seccomp.filter, "seccomp filter")
+      if (current == p_current && !(p_current->flags & PF_EXITING))
+         P_CMP_PTR(p_orig->p_ed_task.p_sec.sec.filter, p_current->seccomp.filter, "seccomp filter")
 
       p_lkrg_seccomp_filter_put(p_current);
    }