In the Linux kernel, the following vulnerability has been resolved:
fs: Pass ATGETATTRNOSEC flag to getattr interface function
When vfsgetattrnosec() calls a filesystem's getattr interface function then the 'nosec' should propagate into this function so that vfsgetattrnosec() can again be called from the filesystem's gettattr rather than vfsgetattr(). The latter would add unnecessary security checks that the initial vfsgetattrnosec() call wanted to avoid. Therefore, introduce the getattr flag GETATTRNOSEC and allow to pass with the new getattr_flags parameter to the getattr interface function. In overlayfs and ecryptfs use this flag to determine which one of the two functions to call.
In a recent code change introduced to IMA vfsgetattrnosec() ended up calling vfsgetattr() in overlayfs, which in turn called securityinodegetattr() on an exiting process that did not have current->fs set anymore, which then caused a kernel NULL pointer dereference. With this change the call to securityinode_getattr() can be avoided, thus avoiding the NULL pointer dereference.