2 files changed, 5 insertions, 1 deletions

diff --git a/kernel/audit.c b/kernel/audit.c
index 3ef2e0e797e8..ba2ff5a5c600 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1677,7 +1677,7 @@ void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
         audit_log_format(ab, " %s=", prefix);
         CAP_FOR_EACH_U32(i) {
                 audit_log_format(ab, "%08x",
-                                 cap->cap[(_KERNEL_CAPABILITY_U32S-1) - i]);
+                                 cap->cap[CAP_LAST_U32 - i]);
         }
 }
 
diff --git a/kernel/capability.c b/kernel/capability.c
index a5cf13c018ce..989f5bfc57dc 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -258,6 +258,10 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
                 i++;
         }
 
+        effective.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+        permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+        inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
+
         new = prepare_creds();
         if (!new)
                 return -ENOMEM;