CVE-2022-50077

apparmor: fix reference count leak in aa_pivotroot()

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specific path. When aa_replace_current_label() returns on success, the function forgets to decrement the reference count of “target”, which is increased earlier by build_pivotroot(), causing a reference leak. Fix it by decreasing the refcount of “target” in that path.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d53194707d2a1851be027cd74266b96ceff799d3
https://git.kernel.org/stable/c/f4d5c7796571624e3f380b447ada52834270a287
https://git.kernel.org/stable/c/ef6fb6f0d0d8440595b45a7e53c6162c737177f4
https://git.kernel.org/stable/c/2ceeb3296e9dde1d5772348046affcefdea605e2
https://git.kernel.org/stable/c/64103ea357734b82384c925cba4758fdb909be0c
https://git.kernel.org/stable/c/3ca40ad7afae144169a43988ef1a3f16182faf0a
https://git.kernel.org/stable/c/11c3627ec6b56c1525013f336f41b79a983b4d46

Frequently Asked Questions

What is the severity of CVE-2022-50077?
CVE-2022-50077 has not yet been assigned a CVSS score.
How to fix CVE-2022-50077?
To fix CVE-2022-50077, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-50077 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-50077 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-50077?
CVE-2022-50077 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.