[Bug 2143853] Re: apparmor LSM vulnerabilities

Mon, 16 Mar 2026 07:05:56 -0700 

This bug was fixed in the package linux - 5.15.0-173.183

---------------
linux (5.15.0-173.183) jammy; urgency=medium

  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

** Description changed:

  Tracking following upstream commits:
  8e135b8aee5a apparmor: fix race between freeing data and fs accessing it
  a0b7091c4de4 apparmor: fix race on rawdata dereference
  39440b137546 apparmor: fix differential encoding verification
  6601e13e8284 apparmor: fix unprivileged local user can do privileged policy 
management
  5df0c44e8f5f apparmor: Fix double free of ns_name in aa_replace_profiles()
  d352873bbefa apparmor: fix missing bounds check on DEFAULT table in 
verify_dfa()
  8756b68edae3 apparmor: fix side-effect bug in match_char() macro usage
  306039414932 apparmor: fix: limit the number of levels of policy namespaces
  ab09264660f9 apparmor: replace recursive profile removal with iterative 
approach
  e38c55d9f834 apparmor: fix memory leak in verify_header
  9063d7e2615f apparmor: validate DFA start states are in bounds in unpack_pdb
  
+ References:
+ https://ubuntu.com/blog/apparmor-vulnerability-fixes-available
+ https://ubuntu.com/security/vulnerabilities/crackarmor
+ https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
+ 
  There are no CVE(s) for those issues yet.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2143853

Title:
  apparmor LSM vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2143853/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to