Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix double free of ns_name in aa_replace_profiles()
if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name);
and if ent->ns_name contains an ns_name in 1089 } else if (ent->ns_name) {
then ns_name is assigned the ent->ns_name 1095 ns_name = ent->ns_name;
however ent->ns_name is freed at 1262 aa_load_ent_free(ent);
and then again when freeing ns_name at 1270 kfree(ns_name);
Fix this by NULLing out ent->ns_name after it is transferred to ns_name
“)
Details
- Affected product:
- AlmaLinux 9.2 ESU , TuxCare 9.6 ESU
- Affected packages:
- kernel @ 5.14.0 (+1 more)
In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix double free of ns_name in aa_replace_profiles()
if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name);
and if ent->ns_name contains an ns_name in 1089 } else if (ent->ns_name) {
then ns_name is assigned the ent->ns_name 1095 ns_name = ent->ns_name;
however ent->ns_name is freed at 1262 aa_load_ent_free(ent);
and then again when freeing ns_name at 1270 kfree(ns_name);
Fix this by NULLing out ent->ns_name after it is transferred to ns_name
“)