VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2022-50860

Description

In the Linux kernel, the following vulnerability has been resolved:

apparmor: Fix memleak in alloc_ns()

After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not a valid slab object, but a subset of that; it cannot be freed by kfree_sensitive(). Use aa_policy_destroy() to fix it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's AppArmor alloc_ns() function occurs when the hname member of struct aa_policy is freed with kfree_sensitive() instead of aa_policy_destroy().

Vulnerability

The Linux kernel's AppArmor security module contains a memory leak in the alloc_ns() function. After commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is no longer a valid slab object in its own right; it is only a subset of one, so it cannot be freed using kfree_sensitive(). The cleanup function aa_policy_destroy() must be used instead to avoid leaking memory [1].
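
The ownership rule behind this fix, shown as an added user-space C model (not kernel code and not taken from the patch). The `model_*` names and the reference-count header placed in front of the string are assumptions chosen to illustrate a pointer that is only part of a larger allocation.

```c
/* Simplified user-space model, not kernel code. The model_* names and the
 * refcount-header layout are assumptions made for this illustration. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs;                 /* stand-in for slab accounting */

struct model_str {                      /* the real allocation */
    int refcount;
    char name[];                        /* hname points here, not at the start */
};

struct model_policy { char *hname; };   /* interior pointer into a model_str */

/* Allocate header plus string; expose only the string part as hname. */
static int model_policy_init(struct model_policy *p, const char *name)
{
    struct model_str *s = malloc(sizeof(*s) + strlen(name) + 1);
    if (!s)
        return -1;
    live_allocs++;
    s->refcount = 1;
    strcpy(s->name, name);
    p->hname = s->name;
    return 0;
}

/* Correct teardown: step back from hname to the enclosing object and release
 * that. Freeing hname itself is the cleanup mistake the advisory describes. */
static void model_policy_destroy(struct model_policy *p)
{
    if (!p->hname)
        return;
    struct model_str *s =
        (struct model_str *)(p->hname - offsetof(struct model_str, name));
    if (--s->refcount == 0) {
        free(s);
        live_allocs--;
    }
    p->hname = NULL;
}

/* Failure-path shape: init succeeded, a later step failed, cleanup runs. */
static int model_failure_path(const char *name)
{
    struct model_policy base = { 0 };
    if (model_policy_init(&base, name) != 0)
        return -1;
    model_policy_destroy(&base);        /* not free(base.hname) */
    return live_allocs;                 /* allocations still outstanding */
}
```

`model_failure_path()` returns 0 because the destroy helper is the only code that knows how to get from `hname` back to the start of the allocation.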

Exploitation

To trigger this bug, an attacker would need to induce namespace creation in AppArmor, leading to a call to alloc_ns() that fails to correctly free memory during cleanup. No special privileges beyond the ability to create namespaces are required, making the attack surface relatively broad on systems using AppArmor.

Impact

An attacker able to repeatedly trigger this code path can exhaust kernel memory, leading to a denial-of-service (DoS) condition. There is no evidence of code execution or privilege escalation resulting from this flaw.

Mitigation

The fix was included in the Linux kernel stable tree. Users should apply the kernel update that includes commit 0250cf8d37bb (or 12695b4b76d4). No workaround is available; patching is the recommended mitigation [2].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 5


References: 5
