In the Linux kernel, the following vulnerability has been resolved:
landlock: Don't lose track of restrictions on cred_transfer
When a process' cred struct is replaced, this almost always invokes the credprepare LSM hook; but in one special case (when KEYCTLSESSIONTOPARENT updates the parent's credentials), the credtransfer LSM hook is used instead. Landlock only implements the credprepare hook, not credtransfer, so KEYCTLSESSIONTOPARENT causes all information on Landlock restrictions to be lost.
This basically means that a process with the ability to use the fork() and keyctl() syscalls can get rid of all Landlock restrictions on itself.
Fix it by adding a credtransfer hook that does the same thing as the existing credprepare hook. (Implemented by having hookcredprepare() call hookcredtransfer() so that the two functions are less likely to accidentally diverge in the future.)