refcount bug in apparmor pivotroot handling
Bug #1308765 reported by
John Johansen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
John Johansen | ||
Trusty |
Confirmed
|
Undecided
|
John Johansen | ||
Utopic |
Fix Released
|
Undecided
|
John Johansen |
Bug Description
There is a profile refcount bug in apparmor pivot_root mediation.
The code increments the profile refcount in one function and decrements the refcount in another. However the code refactoring made it so the target profile, that has its refcount incremented is not returned to the fn that is putting the reference. This results in the put always being done on NULL, so that the reference is never actually decremented.
This bug will result in the memory associated with the profile leaking if the profile is ever replaced or removed.
This bug was discovered in auditing of the code
Changed in linux (Ubuntu): | |
assignee: | nobody → John Johansen (jjohansen) |
status: | New → Confirmed |
To post a comment you must log in.
This bug was fixed in the package linux - 3.15.0-4.8
---------------
linux (3.15.0-4.8) utopic; urgency=low
[ Andy Whitcroft ]
* Release Tracking Bug APPARMOR_ UNCONFINED_ INIT
- LP: #1324107
* [Config] enable SECURITY_
[ Javier Martinez Canillas ]
* SAUCE: (no-up) apparmor: fix bug that constantly spam the console
- LP: #1323526
[ John Johansen ]
* SAUCE: (no-up) apparmor: Sync to apparmor3 - alpha6 snapshot
- LP: #1323528
* SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
- LP: #1308761
* SAUCE: (no-up) apparmor: fix refcount bug in apparmor pivotroot
- LP: #1308765
* SAUCE: (no-up): apparmor: fix apparmor refcount bug in apparmor_kill
- LP: #1308764
* SAUCE: (no-up): apparmor: use custom write_is_locked macro
- LP: #1323530
[ Kamal Mostafa ]
* [Config] add debian/gbp.conf
[ Tim Gardner ]
* [Config] CONFIG_SATA_AHCI=m for ppc64el
- LP: #1323980
-- Andy Whitcroft <email address hidden> Wed, 28 May 2014 12:47:17 +0100