5.5

CVE-2022-50074

apparmor: Fix memleak in aa_simple_write_to_buffer()

In the Linux kernel, the following vulnerability has been resolved:

apparmor: Fix memleak in aa_simple_write_to_buffer()

When copy_from_user failed, the memory is freed by kvfree. however the
management struct and data blob are allocated independently, so only
kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to
fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 4.19.256
LinuxLinux Kernel Version >= 4.20 < 5.4.211
LinuxLinux Kernel Version >= 5.5 < 5.10.138
LinuxLinux Kernel Version >= 5.11 < 5.15.63
LinuxLinux Kernel Version >= 5.16 < 5.19.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.055
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/6500eb3a48ac221051b1791818a1ac74744ef617
Patch
https://git.kernel.org/stable/c/7db182a2ebeefded86fea542fcc5d6a68bb77f58
Patch
https://git.kernel.org/stable/c/8aab4295582eb397a125d2788b829fa62b88dbf7
Patch
https://git.kernel.org/stable/c/bf7ebebce2c25071c719fd8a2f1307e0c243c2d7
Patch
https://git.kernel.org/stable/c/6583edbf459de2e06b9759f264c0ae27e452b97a
Patch
https://git.kernel.org/stable/c/417ea9fe972d2654a268ad66e89c8fcae67017c3
Patch