Out-of-bounds write in Linux kernel - CVE-2026-23407
Published: April 1, 2026
Vulnerability identifier: #VU124775
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23407
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to improper bounds checking in the AppArmor verify_dfa() function when parsing a malformed DFA policy. A local user can provide a specially crafted AppArmor policy with differential encoding that triggers out-of-bounds memory access to execute arbitrary code or crash the kernel.
Successful exploitation requires the ability to load a malicious AppArmor profile, which requires user privileges but no special administrative rights beyond those needed to manage AppArmor policies.
How to mitigate CVE-2026-23407
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/5a68e46dfe0c8c8ffc6f425ebc4cae6238566ecc
- https://git.kernel.org/stable/c/76b4d36c5122866452d34d8f79985e191f9c3831
- https://git.kernel.org/stable/c/7c7cf05e0606f554c467e3a4dc49e2e578a755b4
- https://git.kernel.org/stable/c/d352873bbefa7eb39995239d0b44ccdf8aaa79a4
- https://git.kernel.org/stable/c/f39e126e56c6ec1930fae51ad6bca3dae2a4c3ed