7.8

CVE-2022-48740

selinux: fix double free of cond_list on error paths

In the Linux kernel, the following vulnerability has been resolved:

selinux: fix double free of cond_list on error paths

On error path from cond_read_list() and duplicate_policydb_cond_list()
the cond_list_destroy() gets called a second time in caller functions,
resulting in NULL pointer deref.  Fix this by resetting the
cond_list_len to 0 in cond_list_destroy(), making subsequent calls a
noop.

Also consistently reset the cond_list pointer to NULL after freeing.

[PM: fix line lengths in the description]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.7 < 5.10.99
LinuxLinux Kernel Version >= 5.11 < 5.15.22
LinuxLinux Kernel Version >= 5.16 < 5.16.8
LinuxLinux Kernel Version5.17 Updaterc1
LinuxLinux Kernel Version5.17 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.154
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/186edf7e368c40d06cf727a1ad14698ea67b74ad
Patch
https://git.kernel.org/stable/c/70caa32e6d81f45f0702070c0e4dfe945e92fbd7
Patch
https://git.kernel.org/stable/c/7ed9cbf7ac0d4ed86b356e1b944304ae9ee450d4
Patch
https://git.kernel.org/stable/c/f446089a268c8fc6908488e991d28a9b936293db
Patch