apparmor refcount bug in apparmor_kill
Bug #1308764 reported by
John Johansen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Undecided
|
John Johansen | ||
| Trusty |
Confirmed
|
Undecided
|
John Johansen | ||
Bug Description
There is a race window in the apparmor_kill hook, that may result in a profile refcount being decremented without a previous increment. This can result in the profile being freed, while references still exist and can lead to an oops.
The race window exists for the time after the profile has been replaced but before the task cred has been updated to the new profile.
This bug has not been seen in the wild and was found as part of a code audit.
| Changed in linux (Ubuntu): | |
| status: | New → Confirmed |
| assignee: | nobody → John Johansen (jjohansen) |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in linux (Ubuntu): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package linux - 3.15.0-4.8
---------------
linux (3.15.0-4.8) utopic; urgency=low
[ Andy Whitcroft ]
* Release Tracking Bug
- LP: #1324107
* [Config] enable SECURITY_
[ Javier Martinez Canillas ]
* SAUCE: (no-up) apparmor: fix bug that constantly spam the console
- LP: #1323526
[ John Johansen ]
* SAUCE: (no-up) apparmor: Sync to apparmor3 - alpha6 snapshot
- LP: #1323528
* SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
- LP: #1308761
* SAUCE: (no-up) apparmor: fix refcount bug in apparmor pivotroot
- LP: #1308765
* SAUCE: (no-up): apparmor: fix apparmor refcount bug in apparmor_kill
- LP: #1308764
* SAUCE: (no-up): apparmor: use custom write_is_locked macro
- LP: #1323530
[ Kamal Mostafa ]
* [Config] add debian/gbp.conf
[ Tim Gardner ]
* [Config] CONFIG_SATA_AHCI=m for ppc64el
- LP: #1323980
-- Andy Whitcroft <email address hidden> Wed, 28 May 2014 12:47:17 +0100