oss-sec mailing list archives
Re: CVE request: kernel/AppArmor local denial of service
From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 17 Oct 2011 15:14:30 +0200
On Mon, Oct 17, 2011 at 02:32:43PM +0200, Marcus Meissner wrote:
Hi, A process can cause itself to Ooops by doing an invalid formatted write to the process attr/current when the Apparmor security framework is enabled (even without a apparmor profile). e.g. by doing "echo 'AAA AAA' > /proc/$$/attr/current" This will cause a NULL ptr dereference, which oopses the current process and in connection with kdump or panic on oops will halt the machine. References: https://bugs.launchpad.net/apparmor/+bug/789409 https://bugzilla.novell.com/show_bug.cgi?id=717209 Fix is in: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865 This only affected Linux kernel mainline since the introduction of AppArmor up to and including 3.0-rc2 The SUSE patchset used in our older distribution had a additional NULL check avoiding the issue. Ciao, Marcus
Please use CVE-2011-3619. Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request: kernel/AppArmor local denial of service Marcus Meissner (Oct 17)
- Re: CVE request: kernel/AppArmor local denial of service Petr Matousek (Oct 17)