CVE-2022-50754

Vulnerability: Memory Leak in AppArmor's multi_transaction_new()

In the Linux kernel's AppArmor security module, the function multi_transaction_new() allocates memory for a new transaction structure t. However, if the subsequent call to copy_from_user(t->data, buf, size) fails, the function returns an error without freeing the previously allocated memory for t. This results in a memory leak, as the allocated memory is no longer referenced and cannot be reclaimed [1][2].

Exploitation

This vulnerability can be triggered by a local user with the ability to interact with AppArmor interfaces that use AppArmor transactions, such as writing to certain files in the AppArmor filesystem. The attacker would need to provide a buffer that causes copy_from_user to fail, for example, by passing an invalid or inaccessible memory address. No special privileges beyond the ability to perform such operations are required, but the attack is local and requires user interaction with the kernel's AppArmor subsystem [3][4].

Impact

An attacker who successfully exploits this vulnerability can cause a memory leak, leading to gradual depletion of system memory. Over time, this could result in denial of service (DoS) conditions, as the system may run out of memory and become unresponsive or crash. The leak is limited to the AppArmor module and does not provide any privilege escalation or code execution capabilities [1][4].

Mitigation

The vulnerability has been patched in the Linux kernel. The fix involves adding a call to put_multi_transaction(t) in the error path to properly free the allocated memory when copy_from_user fails. Users should update their kernel to a version that includes the fix, such as those containing the commits referenced in the stable kernel updates [1][2][3][4]. No workarounds are available other than applying the patch.