SB2026040159 - Resource exhaustion in Linux kernel apparmor
Published: April 1, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2026-23409)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in AppArmor's differential encoding verification when processing encoded profile data. A local user can provide a specially crafted differential-encoded profile that creates loops in the chain to cause a denial of service.
Successful exploitation requires the ability to load AppArmor profiles, which is restricted to privileged users. However, since no additional authentication beyond standard system privileges is required, the attacker capability is considered as a local user with low privileges in the context of the vulnerability.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1ff4857fac56ac5a90ee63b24db05fa5e91a45aa
- https://git.kernel.org/stable/c/34fc60b125ed1d4eb002c76b0664bf0619492167
- https://git.kernel.org/stable/c/39440b137546a3aa383cfdabc605fb73811b6093
- https://git.kernel.org/stable/c/623a9d211bbbb031bb1cbdb38b23487648167f8a
- https://git.kernel.org/stable/c/f90e3ecd9e1ed69f1a370f866ceed1f104f3ab4a