Re: CVE request: kernel/AppArmor local denial of service

[Petr Matousek <pmatouse () redhat com>]

On Mon, Oct 17, 2011 at 02:32:43PM +0200, Marcus Meissner wrote:
> Hi,
>
> A process can cause itself to Ooops by doing an invalid formatted
> write to the process attr/current when the Apparmor security framework
> is enabled (even without a apparmor profile).
>
> e.g. by doing "echo 'AAA AAA' > /proc/$$/attr/current"
>
> This will cause a NULL ptr dereference, which oopses the current process and
> in connection with kdump or panic on oops will halt the machine.
>
> References:
> https://bugs.launchpad.net/apparmor/+bug/789409
> https://bugzilla.novell.com/show_bug.cgi?id=717209
>
> Fix is in:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865
>
> This only affected Linux kernel mainline since the introduction of
> AppArmor up to and including 3.0-rc2
>
> The SUSE patchset used in our older distribution had a additional NULL
> check avoiding the issue.
>
> Ciao, Marcus

Please use CVE-2011-3619.

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team