Impact
A null pointer dereference was introduced in the AppArmor 5.0.0 Linux kernel module when handling file descriptors sent via SCM_RIGHTS. When a socket or its sock structure is NULL during socket setup or teardown, the __unix_needs_revalidation function dereferences sock->sk->sk_family without a NULL check, causing a kernel BUG and crash. The resulting kernel panic halts services on the affected host, effectively denying availability for processes relying on the kernel.
Affected Systems
Linux kernel installations that include AppArmor version 5.0.0 or later, specifically kernel 6.17 and newer, are impacted. Kernel versions earlier than 6.17 or AppArmor releases prior to 5.0.0 are not affected by this regression.
Risk and Exploitability
The EPSS score is < 1% and the vulnerability is not listed in CISA’s KEV catalog. The description indicates the flaw is triggered when a process receives file descriptors via SCM_RIGHTS and the socket structures are malformed. This scenario requires the attacker to influence socket setup or teardown, which is most likely a local or privileged action. The CVSS score of 5.5 reflects medium severity due to the kernel crash but no confirmed exploits exist at this time.
OpenCVE Enrichment
Ubuntu USN