CVE-2022-50860 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in alloc_ns() After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not valid slab object, but a subset of that, it can not be freed by kfree_sensitive(), use aa_policy_destroy() to fix it.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0250cf8d37bb5201a117177afd24dc73a1c81657
https://git.kernel.org/stable/c/12695b4b76d437b9c0182a6f7dfb2248013a9daf
https://git.kernel.org/stable/c/5f509fa740b17307f0cba412485072f632d5af36
https://git.kernel.org/stable/c/9a32aa87a25d800b2c6f47bc2749a7bfd9a486f3
https://git.kernel.org/stable/c/e9e6fa49dbab6d84c676666f3fe7d360497fd65b

History

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in alloc_ns() After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not valid slab object, but a subset of that, it can not be freed by kfree_sensitive(), use aa_policy_destroy() to fix it.
Title		apparmor: Fix memleak in alloc_ns()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0250cf8d37bb5201a117177afd24dc73a1c81657 https://git.kernel.org/stable/c/12695b4b76d437b9c0182a6f7dfb2248013a9daf https://git.kernel.org/stable/c/5f509fa740b17307f0cba412485072f632d5af36 https://git.kernel.org/stable/c/9a32aa87a25d800b2c6f47bc2749a7bfd9a486f3 https://git.kernel.org/stable/c/e9e6fa49dbab6d84c676666f3fe7d360497fd65b

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:15:33.859Z

Updated: 2025-12-30T12:15:33.859Z

Reserved: 2025-12-30T12:06:07.135Z

Link: CVE-2022-50860

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-30T13:16:00.787

Modified: 2025-12-30T13:16:00.787

Link: CVE-2022-50860

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50860", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:07.135Z", "datePublished": "2025-12-30T12:15:33.859Z", "dateUpdated": "2025-12-30T12:15:33.859Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:15:33.859Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix memleak in alloc_ns()\n\nAfter changes in commit a1bd627b46d1 (\"apparmor: share profile name on\nreplacement\"), the hname member of struct aa_policy is not valid slab\nobject, but a subset of that, it can not be freed by kfree_sensitive(),\nuse aa_policy_destroy() to fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/apparmor/policy_ns.c"], "versions": [{"version": "a1bd627b46d169268a0ee5960899fb5be960a317", "lessThan": "9a32aa87a25d800b2c6f47bc2749a7bfd9a486f3", "status": "affected", "versionType": "git"}, {"version": "a1bd627b46d169268a0ee5960899fb5be960a317", "lessThan": "5f509fa740b17307f0cba412485072f632d5af36", "status": "affected", "versionType": "git"}, {"version": "a1bd627b46d169268a0ee5960899fb5be960a317", "lessThan": "0250cf8d37bb5201a117177afd24dc73a1c81657", "status": "affected", "versionType": "git"}, {"version": "a1bd627b46d169268a0ee5960899fb5be960a317", "lessThan": "12695b4b76d437b9c0182a6f7dfb2248013a9daf", "status": "affected", "versionType": "git"}, {"version": "a1bd627b46d169268a0ee5960899fb5be960a317", "lessThan": "e9e6fa49dbab6d84c676666f3fe7d360497fd65b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/apparmor/policy_ns.c"], "versions": [{"version": "4.13", "status": "affected"}, {"version": "0", "lessThan": "4.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.163", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.86", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.10.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.15.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9a32aa87a25d800b2c6f47bc2749a7bfd9a486f3"}, {"url": "https://git.kernel.org/stable/c/5f509fa740b17307f0cba412485072f632d5af36"}, {"url": "https://git.kernel.org/stable/c/0250cf8d37bb5201a117177afd24dc73a1c81657"}, {"url": "https://git.kernel.org/stable/c/12695b4b76d437b9c0182a6f7dfb2248013a9daf"}, {"url": "https://git.kernel.org/stable/c/e9e6fa49dbab6d84c676666f3fe7d360497fd65b"}], "title": "apparmor: Fix memleak in alloc_ns()", "x_generator": {"engine": "bippy-1.2.0"}}}}