Main Vulnerability Database Vulnerabilities #VU124774

Out-of-bounds write in Linux kernel - CVE-2026-23406

Published: April 1, 2026

Vulnerability identifier: #VU124774

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-23406

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service or potentially execute arbitrary code.

The vulnerability exists due to improper pointer arithmetic in the AppArmor match_char() macro within the Linux kernel's DFA matching logic when processing path permissions during file open operations. A local user can provide a specially crafted file access request that triggers differential encoding chain traversal with a post-incremented string pointer, causing the pointer to advance multiple times per iteration and resulting in out-of-bounds memory reads. This can lead to kernel memory corruption and system instability.

The vulnerability is exploitable during AppArmor policy enforcement when opening files, and may allow privilege escalation or system crash.

How to mitigate CVE-2026-23406

Install security update from vendor's repository.

Out-of-bounds write in Linux kernel - CVE-2026-23406

Detailed vulnerability description

How to mitigate CVE-2026-23406

Sources

Please verify you're human