SB2026040157 - Out-of-bounds write in Linux kernel apparmor
Published: April 1, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-23407)
The vulnerability allows a local user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to improper bounds checking in the AppArmor verify_dfa() function when parsing a malformed DFA policy. A local user can provide a specially crafted AppArmor policy with differential encoding that triggers out-of-bounds memory access to execute arbitrary code or crash the kernel.
Successful exploitation requires the ability to load a malicious AppArmor profile. The attacker needs user privileges, but no special administrative rights beyond those needed to manage AppArmor policies.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/5a68e46dfe0c8c8ffc6f425ebc4cae6238566ecc
- https://git.kernel.org/stable/c/76b4d36c5122866452d34d8f79985e191f9c3831
- https://git.kernel.org/stable/c/7c7cf05e0606f554c467e3a4dc49e2e578a755b4
- https://git.kernel.org/stable/c/d352873bbefa7eb39995239d0b44ccdf8aaa79a4
- https://git.kernel.org/stable/c/f39e126e56c6ec1930fae51ad6bca3dae2a4c3ed