SB2026040152 - Use-after-free in Linux kernel apparmor
Published: April 1, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-23410)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in AppArmor rawdata inode handling when opening rawdata files while simultaneously removing the corresponding profile. A local attacker can trigger a race condition to access freed memory and cause a denial of service.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/6ef1f2926c41ab96952d9696d55a052f1b3a9418
- https://git.kernel.org/stable/c/763e838adc3c7ec5a7df2990ce84cad951e42721
- https://git.kernel.org/stable/c/a0b7091c4de45a7325c8780e6934a894f92ac86b
- https://git.kernel.org/stable/c/af782cc8871e3683ddd5a3cd2f7df526599863a9
- https://git.kernel.org/stable/c/f9761add6d100962a23996cb68f3d6abdd4d1815