CVE-2023-52443

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.7.0-rc2-dirty #16

Description The vulnerability is related to the apparmor module in the Linux kernel. When processing a packed profile in unpack profile(), a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then passed to aa splitn fqname(). This function treats the string as only containing a namespace, returning NULL for tmpname while tmpns is non-NULL. Later, aa alloc profile() crashes as the new profile name is NULL, resulting in a general protection fault. The issue is caused by the fact that nothing can prevent the unpacked "name" from being in a form like ":samba-dcerpcd", which is passed from userspace. To mitigate this, the whole profile set replacement should be denied in such cases, and the user should be informed with EPROTO and an explaining message.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.