CVE-2026-23404
Published: Apr 1, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 - < ea854f032190cc9f26dc4a0e727090c89e55e342affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 - < 4fdc847b107321dec22bf8ecd6019b7af76d7886affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 - < b36a04284d0208be94e5e401409caa00e2bf1be1affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 - < 33959a491e9fd557abfa5fce5ae4637d400915d3affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 - < 999bd704b0b641527a5ed46f0d969deff8cfa68b+3 more versions |
Linux | Linux | affected 2.6.36unaffected 0 - < 2.6.36unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.169 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now