SB2026040156 - Out-of-bounds write in Linux kernel apparmor
Published: April 1, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-23406)
The vulnerability allows a local user to cause a denial of service or potentially execute arbitrary code.
The vulnerability exists due to improper pointer arithmetic in the AppArmor match_char() macro within the Linux kernel's DFA matching logic when processing path permissions during file open operations. A local user can provide a specially crafted file access request that triggers differential encoding chain traversal with a post-incremented string pointer, causing the pointer to advance multiple times per iteration and resulting in out-of-bounds memory reads. This can lead to kernel memory corruption and system instability.
The vulnerability is exploitable during AppArmor policy enforcement when opening files, and may allow privilege escalation or system crash.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0510d1ba0976f97f521feb2b75b0572ea5df3ceb
- https://git.kernel.org/stable/c/383b7270faf42564f133134c2fc3c24bbae52615
- https://git.kernel.org/stable/c/5a184f7cbdeaad17e16dedf3c17d0cd622edfed8
- https://git.kernel.org/stable/c/8756b68edae37ff546c02091989a4ceab3f20abd
- https://git.kernel.org/stable/c/b73c1dff8a9d7eeaebabf8097a5b2de192f40913