SB2026061012 - Incorrect calculation in Linux kernel apparmor
Published: June 10, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2026-46328)
CWE-ID: CWE-682 - Incorrect Calculation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of rlimit updates in AppArmor resource limit enforcement when transitioning rlimits for posix cpu timers. A local user can trigger an incorrect cpu time limit update to cause a denial of service.
The issue affects systems with posix timers enabled.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1f736dfe27c857b78f8461cd7c3dd9640be74b37
- https://git.kernel.org/stable/c/2232d7cd243833ad750cae656d1817fe43744a09
- https://git.kernel.org/stable/c/28aa93fcfb33b6d580c5df4ae8b6d13fb0e6fcd3
- https://git.kernel.org/stable/c/57d51d41b90eface809b72e0e009b50546492f1f
- https://git.kernel.org/stable/c/6ca56813f4a589f536adceb42882855d91fb1125
- https://git.kernel.org/stable/c/9bf1fa150775b0c6b794e4b6a2c0395e13777999
- https://git.kernel.org/stable/c/e1cc11550b2f66687a374536c9dfdddcefca0efe
- https://git.kernel.org/stable/c/e43818b16815c0c2bf933ef28316f8e704e5e0ef