CVE-2026-23408

Published: Apr 1, 2026Modified: Apr 24, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name); and if ent->ns_name contains an ns_name in 1089 } else if (ent->ns_name) { then ns_name is assigned the ent->ns_name 1095 ns_name = ent->ns_name; however ent->ns_name is freed at 1262 aa_load_ent_free(ent); and then again when freeing ns_name at 1270 kfree(ns_name); Fix this by NULLing out ent->ns_name after it is transferred to ns_name ")

Affected (15)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.11 to 5.15.203
Linux Linux Kernel	From 5.16 to 6.1.169
Linux Linux Kernel	From 5.5.1 to 5.10.253
Linux Linux Kernel	From 6.13 to 6.18.18
Linux Linux Kernel	From 6.19 to 6.19.8
Linux Linux Kernel	From 6.2 to 6.6.130
Linux Linux Kernel	From 6.7 to 6.12.77
Linux Linux Kernel	Version 5.5
Linux Linux Kernel	Version 7.0 rc1
Linux Linux Kernel	Version 7.0 rc2
Linux Linux Kernel	Version 7.0 rc3
Linux Linux Kernel	Version 7.0 rc4
Linux Linux Kernel	Version 7.0 rc5
Linux Linux Kernel	Version 7.0 rc6
Linux Linux Kernel	Version 7.0 rc7