CVE-2022-50077

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specific path. When aa_replace_current_label() returns on success, the function forgets to decrement the reference count of “target”, which is increased earlier by build_pivotroot(), causing a reference leak. Fix it by decreasing the refcount of “target” in that path.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/11c3627ec6b56c1525013f336f41b79a983b4d46	Patch
https://git.kernel.org/stable/c/2ceeb3296e9dde1d5772348046affcefdea605e2	Patch
https://git.kernel.org/stable/c/3ca40ad7afae144169a43988ef1a3f16182faf0a	Patch
https://git.kernel.org/stable/c/64103ea357734b82384c925cba4758fdb909be0c	Patch
https://git.kernel.org/stable/c/d53194707d2a1851be027cd74266b96ceff799d3	Patch
https://git.kernel.org/stable/c/ef6fb6f0d0d8440595b45a7e53c6162c737177f4	Patch
https://git.kernel.org/stable/c/f4d5c7796571624e3f380b447ada52834270a287	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.14:-::::::
	cpe:2.3:o:linux:linux_kernel:4.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:4.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:4.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:4.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:4.14:rc6::::::
	cpe:2.3:o:linux:linux_kernel:4.14:rc7::::::
	cpe:2.3:o:linux:linux_kernel:4.14:rc8::::::

History

17 Nov 2025, 19:27

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/11c3627ec6b56c1525013f336f41b79a983b4d46 -~~	() https://git.kernel.org/stable/c/11c3627ec6b56c1525013f336f41b79a983b4d46 - Patch
References	~~() https://git.kernel.org/stable/c/2ceeb3296e9dde1d5772348046affcefdea605e2 -~~	() https://git.kernel.org/stable/c/2ceeb3296e9dde1d5772348046affcefdea605e2 - Patch
References	~~() https://git.kernel.org/stable/c/3ca40ad7afae144169a43988ef1a3f16182faf0a -~~	() https://git.kernel.org/stable/c/3ca40ad7afae144169a43988ef1a3f16182faf0a - Patch
References	~~() https://git.kernel.org/stable/c/64103ea357734b82384c925cba4758fdb909be0c -~~	() https://git.kernel.org/stable/c/64103ea357734b82384c925cba4758fdb909be0c - Patch
References	~~() https://git.kernel.org/stable/c/d53194707d2a1851be027cd74266b96ceff799d3 -~~	() https://git.kernel.org/stable/c/d53194707d2a1851be027cd74266b96ceff799d3 - Patch
References	~~() https://git.kernel.org/stable/c/ef6fb6f0d0d8440595b45a7e53c6162c737177f4 -~~	() https://git.kernel.org/stable/c/ef6fb6f0d0d8440595b45a7e53c6162c737177f4 - Patch
References	~~() https://git.kernel.org/stable/c/f4d5c7796571624e3f380b447ada52834270a287 -~~	() https://git.kernel.org/stable/c/f4d5c7796571624e3f380b447ada52834270a287 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: se corrige una fuga de referencias en aa_pivotroot(). La función aa_pivotroot() presenta un error de conteo de referencias en una ruta específica. Cuando aa_replace_current_label() retorna con éxito, la función olvida decrementar el conteo de referencias de "target", que se incrementa previamente mediante build_pivotroot(), lo que provoca una fuga de referencias. Para solucionarlo, reduzca el conteo de referencias de "target" en esa ruta.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-Other
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:4.14:rc6:::::: cpe:2.3:o:linux:linux_kernel:4.14:rc8:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:4.14:rc5:::::: cpe:2.3:o:linux:linux_kernel:4.14:rc7:::::: cpe:2.3:o:linux:linux_kernel:4.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:4.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:4.14:-:::::: cpe:2.3:o:linux:linux_kernel:4.14:rc2::::::

18 Jun 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-18 11:15

Updated : 2025-11-17 19:27

NVD link : CVE-2022-50077

Mitre link : CVE-2022-50077

CVE.ORG link : CVE-2022-50077

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

5.5 /10