Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000 ---truncated---

Metrics

 

CVSS Version 4.0 CVSS Version 3.x CVSS Version 2.0

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score:  5.5 MEDIUM

Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9	Patch
https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad	Patch
https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85	Patch
https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8	Patch
https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363	Patch
https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346	Patch
https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64	Patch
https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-476	NULL Pointer Dereference	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Initial Analysis by NIST 9/20/2024 2:22:46 PM

Action	Type	Old Value	New Value
Added	CPE Configuration		Record truncated, showing 500 of 734 characters. View Entire Change Record OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.19.322 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.284 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.226 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.167 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		NIST CWE-476
Changed	Reference Type	https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9 No Types Assigned	https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad No Types Assigned	https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad Patch
Changed	Reference Type	https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85 No Types Assigned	https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8 No Types Assigned	https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363 No Types Assigned	https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346 No Types Assigned	https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64 No Types Assigned	https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e No Types Assigned	https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e Patch

New CVE Received by NIST 9/18/2024 3:15:03 AM

Action	Type	Old Value	New Value
Added	Description		Record truncated, showing 500 of 3998 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEM
Added	Reference		kernel.org https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9 [No types assigned]
Added	Reference		kernel.org https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad [No types assigned]
Added	Reference		kernel.org https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85 [No types assigned]
Added	Reference		kernel.org https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8 [No types assigned]
Added	Reference		kernel.org https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363 [No types assigned]
Added	Reference		kernel.org https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346 [No types assigned]
Added	Reference		kernel.org https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64 [No types assigned]
Added	Reference		kernel.org https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e [No types assigned]