CVE-2025-68733

In the Linux kernel, the following vulnerability has been resolved:

smack: fix bug: unprivileged task can create labels

If an unprivileged task is allowed to relabel itself
(/smack/relabel-self is not empty),
it can freely create new labels by writing their
names into own /proc/PID/attr/smack/current

This occurs because do_setattr() imports
the provided label in advance,
before checking “relabel-self” list.

This change ensures that the “relabel-self” list
is checked before importing the label.

More information : https://git.kernel.org/stable/c/60e8d49989410a7ade60f5dadfcd979c117d05c0