Memory Leak Vulnerability in Linux Kernel's AppArmor
CVE-2024-56741

5.5 MEDIUM

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 29 December 2024

What is CVE-2024-56741?

A memory leak vulnerability exists in the Linux kernel's AppArmor functionality, specifically in the aa_unpack_strdup() function. The function uses kmemdup() to allocate a string that is not properly freed, so memory leaks during execution. As a result, unreferenced memory objects can accumulate, potentially impacting system performance and stability. Addressing this vulnerability involves ensuring that allocated memory is properly released after use. System administrators and developers are encouraged to monitor for and apply the relevant kernel updates to mitigate the associated risk.

Affected Version(s)

Linux 4d944bcd4e731ab7bfe8d01a7041ea0ebdc090f1

Linux 4d944bcd4e731ab7bfe8d01a7041ea0ebdc090f1 < 5354599855a9b5568e05ce686119ee3ff8b19bd5

Linux 4d944bcd4e731ab7bfe8d01a7041ea0ebdc090f1 < 89265f88701e54dde255ddf862093baeca57548c

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
