7.8
CVE-2026-23411
- EPSS 0.15%
- Veröffentlicht 01.04.2026 08:36:39
- Zuletzt bearbeitet 24.04.2026 15:23:12
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
apparmor: fix race between freeing data and fs accessing it
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that point and it is possible that some of the fs call back functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. While the rawdata/loaddata is the most likely candidate to fail the race, as it has the fewest references. If properly crafted it might be possible to trigger a race for the other types stored in i_private. Fix this by moving the put of i_private referenced data to the correct place which is during inode eviction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.13.1 < 5.10.253
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.203
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.169
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.130
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.77
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.18
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.8
Linux ≫ Linux Kernel Version4.13 Update-
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
Linux ≫ Linux Kernel Version7.0 Updaterc5
Linux ≫ Linux Kernel Version7.0 Updaterc6
Linux ≫ Linux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.04 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://git.kernel.org/stable/c/ae10787d955fb255d381e0d5589451dd72c614b1
https://git.kernel.org/stable/c/eecce026399917f6efa532c56bc7a3e9dd6ee68b
https://git.kernel.org/stable/c/13bc2772414d68e94e273dea013181a986948ddf
https://git.kernel.org/stable/c/2a732ed26fbd048e7925d227af8cf9ea43fb5cc9
https://git.kernel.org/stable/c/8e135b8aee5a06c52a4347a5a6d51223c6f36ba3
https://git.kernel.org/stable/c/3ddb961d2929bbb3204a2bba21b5d8153cd3f7cc
https://git.kernel.org/stable/c/667df93769c02ff581c77d2d8f162147e719c557
https://git.kernel.org/stable/c/a92c5e5086a87d082696245a8607666da3d80554