CVE-2023-52443: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52443 is a vulnerability in the Linux kernel's AppArmor security module that was discovered and reported by the Linux Verification Center (linuxtesting.org). The vulnerability was disclosed on February 22, 2024, affecting multiple versions of the Linux kernel up to version 6.7.2 (NVD).

The vulnerability occurs when processing a packed profile in unpackprofile() with a specific profile format like 'profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}'. When a string ':samba-dcerpcd' is unpacked as a fully-qualified name and passed to aasplitnfqname(), the function treats it as only containing a namespace, returning NULL for tmpname while tmpns is non-NULL. This leads to a null pointer dereference in aaalloc_profile() as the new profile name is NULL (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a system crash (denial of service) due to a general protection fault when processing certain AppArmor profile configurations. This occurs through a null pointer dereference in the kernel's AppArmor subsystem (NVD).

The vulnerability has been fixed in multiple Linux kernel versions through patches that add validation to prevent empty profile names. The fix includes denying the whole profile set replacement in such cases and informing users with EPROTO and an explaining message (Kernel Patch). Various Linux distributions have released updates to address this vulnerability, including Ubuntu and Debian (Ubuntu Security).