GHSA-36r9-gj33-8p48

Опубликовано: 29 дек. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved:

apparmor: test: Fix memory leak for aa_unpack_strdup()

The string allocated by kmemdup() in aa_unpack_strdup() is not freed and cause following memory leaks, free them to fix it.

In the Linux kernel, the following vulnerability has been resolved:

apparmor: test: Fix memory leak for aa_unpack_strdup()

The string allocated by kmemdup() in aa_unpack_strdup() is not freed and cause following memory leaks, free them to fix it.

unreferenced object 0xffffff80c6af8a50 (size 8): comm "kunit_try_catch", pid 225, jiffies 4294894407 hex dump (first 8 bytes): 74 65 73 74 69 6e 67 00 testing. backtrace (crc 5eab668b): [<0000000001e3714d>] kmemleak_alloc+0x34/0x40 [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0 [<000000006870467c>] kmemdup_noprof+0x34/0x60 [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c [<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000adf936cf>] kthread+0x2e8/0x374 [<0000000041bb1628>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80c2a29090 (size 8): comm "kunit_try_catch", pid 227, jiffies 4294894409 hex dump (first 8 bytes): 74 65 73 74 69 6e 67 00 testing. backtrace (crc 5eab668b): [<0000000001e3714d>] kmemleak_alloc+0x34/0x40 [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0 [<000000006870467c>] kmemdup_noprof+0x34/0x60 [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c [<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4 [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000adf936cf>] kthread+0x2e8/0x374 [<0000000041bb1628>] ret_from_fork+0x10/0x20

Ссылки

5.5 Medium

CVSS3

CVE ID

CVE-2024-56741

Дефекты

CWE-401

Связанные уязвимости

CVE-2024-56741

ubuntu

9 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2024-56741

CVSS3: 5.5

redhat

9 месяцев назад

[REJECTED CVE] A vulnerability was suspected in the Linux kernel's AppArmor test suite due to memory leaks caused by the aa_unpack_strdup() function not freeing memory allocated via kmemdup(). However, this issue was confined to kernel unit tests (kunit_try_catch) and did not impact runtime security or user-space interactions. An attacker could not exploit this bug, as it involved internal test code paths with no exposure to unprivileged users.