CVE-2022-50074

apparmor: Fix memleak in aa_simple_write_to_buffer()

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6500eb3a48ac221051b1791818a1ac74744ef617
https://git.kernel.org/stable/c/7db182a2ebeefded86fea542fcc5d6a68bb77f58
https://git.kernel.org/stable/c/8aab4295582eb397a125d2788b829fa62b88dbf7
https://git.kernel.org/stable/c/bf7ebebce2c25071c719fd8a2f1307e0c243c2d7
https://git.kernel.org/stable/c/6583edbf459de2e06b9759f264c0ae27e452b97a
https://git.kernel.org/stable/c/417ea9fe972d2654a268ad66e89c8fcae67017c3

Frequently Asked Questions

What is the severity of CVE-2022-50074?
CVE-2022-50074 has not yet been assigned a CVSS score.
How to fix CVE-2022-50074?
To fix CVE-2022-50074, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-50074 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-50074 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-50074?
CVE-2022-50074 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.