Описание
In the Linux kernel, the following vulnerability has been resolved:
apparmor: replace recursive profile removal with iterative approach
The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes.
Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove
Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.
In the Linux kernel, the following vulnerability has been resolved:
apparmor: replace recursive profile removal with iterative approach
The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes.
Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove
Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2026-23404
- https://git.kernel.org/stable/c/33959a491e9fd557abfa5fce5ae4637d400915d3
- https://git.kernel.org/stable/c/7eade846e013cbe8d2dc4a484463aa19e6515c7f
- https://git.kernel.org/stable/c/999bd704b0b641527a5ed46f0d969deff8cfa68b
- https://git.kernel.org/stable/c/a6a941a1294ac5abe22053dc501d25aed96e48fe
- https://git.kernel.org/stable/c/ab09264660f9de5d05d1ef4e225aa447c63a8747
EPSS
CVE ID
Связанные уязвимости
EPSS