Description
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.
Product status
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before ea854f032190cc9f26dc4a0e727090c89e55e342
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before 4fdc847b107321dec22bf8ecd6019b7af76d7886
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before b36a04284d0208be94e5e401409caa00e2bf1be1
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before 33959a491e9fd557abfa5fce5ae4637d400915d3
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before 999bd704b0b641527a5ed46f0d969deff8cfa68b
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before 7eade846e013cbe8d2dc4a484463aa19e6515c7f
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before a6a941a1294ac5abe22053dc501d25aed96e48fe
c88d4c7b049e87998ac0a9f455aa545cc895ef92 (git) before ab09264660f9de5d05d1ef4e225aa447c63a8747
2.6.36
Any version before 2.6.36
5.10.253 (semver)
5.15.203 (semver)
6.1.169 (semver)
6.6.130 (semver)
6.12.77 (semver)
6.18.18 (semver)
6.19.8 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/ea854f032190cc9f26dc4a0e727090c89e55e342
git.kernel.org/...c/4fdc847b107321dec22bf8ecd6019b7af76d7886
git.kernel.org/...c/b36a04284d0208be94e5e401409caa00e2bf1be1
git.kernel.org/...c/33959a491e9fd557abfa5fce5ae4637d400915d3
git.kernel.org/...c/999bd704b0b641527a5ed46f0d969deff8cfa68b
git.kernel.org/...c/7eade846e013cbe8d2dc4a484463aa19e6515c7f
git.kernel.org/...c/a6a941a1294ac5abe22053dc501d25aed96e48fe
git.kernel.org/...c/ab09264660f9de5d05d1ef4e225aa447c63a8747