SB2026040155 - Resource exhaustion in Linux kernel apparmor
Published: April 1, 2026
Security Bulletin ID
SB2026040155
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2026-23405)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource management in the AppArmor policy namespace subsystem when creating nested policy namespaces. A local user can create deeply nested policy namespaces to cause a denial of service.
Exploitation requires the ability to create AppArmor policy namespaces, which is available to unprivileged users in a user namespace.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/306039414932c80f8420695a24d4fe10c84ccfb2
- https://git.kernel.org/stable/c/3f8699b3ee0c04b4b9bc27b82cd89a40e81e1d2e
- https://git.kernel.org/stable/c/7b6495ead2c611647f6b11441a852324e3eb8616
- https://git.kernel.org/stable/c/853ce31ca72097d23991a06876a2ccb5cb64b603
- https://git.kernel.org/stable/c/d42b2b6bb77ca40ee34ab74ad79305840b5f315d