Linux Kernel AppArmor String Buffer Overrun Vulnerability on ARM64 Snapdragon X1

A string buffer overrun vulnerability has been identified in the Linux kernel's AppArmor component. This issue occurs in version 7.0-rc4 and affects Ubuntu 26.04 running on ARM64 Qualcomm Snapdragon X1. The vulnerability arises from a missing string termination, leading to a slab-out-of-bounds error. The issue was introduced by an incorrect conversion from strcpy(), which allowed for the overrun during the handling of directory paths in AppArmor's namespace management.

Impact

Exploitation of this vulnerability causes a string buffer overrun, leading to a slab-out-of-bounds memory access. Such an access can potentially be exploited to manipulate memory in a way that could cause a crash or, in some cases, execute arbitrary code.

Reproduction

To reproduce this vulnerability, boot Ubuntu 26.04 with the Linux 7.0-rc4 kernel on a device with an ARM64 Qualcomm Snapdragon X1 processor. During the boot process, the AppArmor component will improperly handle string termination for directory paths, leading to a buffer overrun. This can be observed as a KASAN (Kernel Address Sanitizer) report indicating a slab-out-of-bounds error in the AppArmor matching function.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Ubuntu repositories. Instructions for upgrading the kernel can be found in the Ubuntu documentation.