Main Vulnerability Database Vulnerabilities #VU124181

Improper Access Control in Linux kernel - CVE-2026-23268

Published: March 20, 2026

Vulnerability identifier: #VU124181

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-23268

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.

The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.

The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.

How to mitigate CVE-2026-23268

Install security update from vendor's repository.

Improper Access Control in Linux kernel - CVE-2026-23268

Detailed vulnerability description

How to mitigate CVE-2026-23268

Sources

Please verify you're human