Linux Kernel AppArmor Memory Leak Vulnerability in Header Verification

A memory leak vulnerability has been identified in the Linux kernel's AppArmor module, specifically within the profile header verification process. The issue arises because the function incorrectly sets the namespace pointer to NULL on each call, which causes a leak of the namespace string allocated in previous iterations when multiple profiles are unpacked. This flaw not only leads to a memory leak but also disrupts the consistency checking of namespaces, as the pointer is always NULL during comparisons. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, causing allocated namespace strings to be lost and not properly freed, which could potentially be exploited to create a denial-of-service condition by exhausting available memory.

Reproduction

The vulnerability can be reproduced by loading multiple AppArmor profiles that unpack namespace strings during the verification process. The incorrect handling of the namespace pointer will cause a leak of the strings allocated in previous iterations, leading to a memory leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.