kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #63218
[Bug 1308765] Re: refcount bug in apparmor pivotroot handling
** Also affects: linux (Ubuntu Utopic)
Importance: Undecided
Assignee: John Johansen (jjohansen)
Status: Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1308765
Title:
refcount bug in apparmor pivotroot handling
Status in “linux” package in Ubuntu:
Confirmed
Status in “linux” source package in Trusty:
Confirmed
Status in “linux” source package in Utopic:
Confirmed
Bug description:
There is a profile refcount bug in apparmor pivot_root mediation.
The code increments the profile refcount in one function and
decrements the refcount in another. However the code refactoring made
it so the target profile, that has its refcount incremented is not
returned to the fn that is putting the reference. This results in the
put always being done on NULL, so that the reference is never actually
decremented.
This bug will result in the memory associated with the profile leaking
if the profile is ever replaced or removed.
This bug was discovered in auditing of the code
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308765/+subscriptions
References