Allele Security Alert
ASA-2019-00636
Identifier(s)
ASA-2019-00636, CVE-2019-18814
Title
Use-after-free in aa_audit_rule_init()
Vendor(s)
Linux foundation
Product(s)
Linux kernel
Affected version(s)
Linux kernel versions from 4.18 through 5.3
Linux kernel version since commit:
apparmor: Fix memory leak of rule on error exit path
https://github.com/torvalds/linux/commit/52e8c38001d8ef0ca07ef428e480cd4a35e46abf
Fixed version(s)
Unknown
Proof of concept
Unknown
Description
There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
Technical details
Unknown
Credits
Navid Emamdoost
Reference(s)
[v3] apparmor: Fix use-after-free in aa_audit_rule_init
https://lore.kernel.org/patchwork/patch/1142523/
apparmor: Fix memory leak of rule on error exit path
https://github.com/torvalds/linux/commit/52e8c38001d8ef0ca07ef428e480cd4a35e46abf
CVE-2019-18814 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-18814
CVE-2019-18814
https://security-tracker.debian.org/tracker/CVE-2019-18814
CVE-2019-18814 | SUSE
https://www.suse.com/security/cve/CVE-2019-18814
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18814.html
CVE-2019-18814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18814
CVE-2019-18814
https://nvd.nist.gov/vuln/detail/CVE-2019-18814
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: November 15, 2019