Incorrect calculation in Linux kernel - CVE-2026-46328
Published: June 10, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of rlimit updates in AppArmor resource limit enforcement when transitioning rlimits for POSIX CPU timers. A local user can trigger an incorrect CPU time limit update to cause a denial of service.
The issue affects systems with POSIX timers enabled.
How to mitigate CVE-2026-46328
Sources
- https://git.kernel.org/stable/c/1f736dfe27c857b78f8461cd7c3dd9640be74b37
- https://git.kernel.org/stable/c/2232d7cd243833ad750cae656d1817fe43744a09
- https://git.kernel.org/stable/c/28aa93fcfb33b6d580c5df4ae8b6d13fb0e6fcd3
- https://git.kernel.org/stable/c/57d51d41b90eface809b72e0e009b50546492f1f
- https://git.kernel.org/stable/c/6ca56813f4a589f536adceb42882855d91fb1125
- https://git.kernel.org/stable/c/9bf1fa150775b0c6b794e4b6a2c0395e13777999
- https://git.kernel.org/stable/c/e1cc11550b2f66687a374536c9dfdddcefca0efe
- https://git.kernel.org/stable/c/e43818b16815c0c2bf933ef28316f8e704e5e0ef