CVE-2026-23410

EPSS 0.01%
Veröffentlicht 01.04.2026 08:36:39
Zuletzt bearbeitet 24.04.2026 15:23:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

apparmor: fix race on rawdata dereference

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix race on rawdata dereference

There is a race condition that leads to a use-after-free situation:
because the rawdata inodes are not refcounted, an attacker can start
open()ing one of the rawdata files, and at the same time remove the
last reference to this rawdata (by removing the corresponding profile,
for example), which frees its struct aa_loaddata; as a result, when
seq_rawdata_open() is reached, i_private is a dangling pointer and
freed memory is accessed.

The rawdata inodes weren't refcounted to avoid a circular refcount and
were supposed to be held by the profile rawdata reference.  However
during profile removal there is a window where the vfs and profile
destruction race, resulting in the use after free.

Fix this by moving to a double refcount scheme. Where the profile
refcount on rawdata is used to break the circular dependency. Allowing
for freeing of the rawdata once all inode references to the rawdata
are put.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

NVD 15 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.13.1 < 5.10.253

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.203

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.169

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.130

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.77

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.18

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.8

Linux ≫ Linux Kernel Version4.13 Update-

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

Linux ≫ Linux Kernel Version7.0 Updaterc4

Linux ≫ Linux Kernel Version7.0 Updaterc5

Linux ≫ Linux Kernel Version7.0 Updaterc6

Linux ≫ Linux Kernel Version7.0 Updaterc7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/6ef1f2926c41ab96952d9696d55a052f1b3a9418

Patch

https://git.kernel.org/stable/c/f9761add6d100962a23996cb68f3d6abdd4d1815

Patch

https://git.kernel.org/stable/c/af782cc8871e3683ddd5a3cd2f7df526599863a9

Patch

https://git.kernel.org/stable/c/763e838adc3c7ec5a7df2990ce84cad951e42721

Patch

https://git.kernel.org/stable/c/a0b7091c4de45a7325c8780e6934a894f92ac86b

Patch

https://git.kernel.org/stable/c/3b8e77c7abab40e6de9ad9de730d77984a498840

Patch