{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23403", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.012Z", "datePublished": "2026-04-01T08:36:34.269Z", "dateUpdated": "2026-05-11T22:06:14.098Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:06:14.098Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix memory leak in verify_header\n\nThe function sets `*ns = NULL` on every call, leaking the namespace\nstring allocated in previous iterations when multiple profiles are\nunpacked. This also breaks namespace consistency checking since *ns\nis always NULL when the comparison is made.\n\nRemove the incorrect assignment.\nThe caller (aa_unpack) initializes *ns to NULL once before the loop,\nwhich is sufficient."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/apparmor/policy_unpack.c"], "versions": [{"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "9d678eb0fe55c9195d9a253e8c5b82a87b930737", "status": "affected", "versionType": "git"}, {"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "6b79abcb3c985e153fcf9d395e1d4336081aabc2", "status": "affected", "versionType": "git"}, {"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "bcf82c0c5a8b383fd2d5d8f3fd880cdcab2ac557", "status": "affected", "versionType": "git"}, {"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "663ce34786e759ebcbeb3060685c20bcc886d51a", "status": "affected", "versionType": "git"}, {"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "786e2c2a87d9c505f33321d1fd23a176aa8ddeb1", "status": "affected", "versionType": "git"}, {"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "4f0889f2df1ab99224a5e1ac4e20437eea5fe38e", "status": "affected", "versionType": "git"}, {"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "42fd831abfc15d0643c14688f0522556b347e7e6", "status": "affected", "versionType": "git"}, {"version": "dd51c84857630e77c139afe4d9bba65fc051dc3f", "lessThan": "e38c55d9f834e5b848bfed0f5c586aaf45acb825", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/apparmor/policy_unpack.c"], "versions": [{"version": "3.12", "status": "affected"}, {"version": "0", "lessThan": "3.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.169", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.18", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.8", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.1.169"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.18.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.19.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9d678eb0fe55c9195d9a253e8c5b82a87b930737"}, {"url": "https://git.kernel.org/stable/c/6b79abcb3c985e153fcf9d395e1d4336081aabc2"}, {"url": "https://git.kernel.org/stable/c/bcf82c0c5a8b383fd2d5d8f3fd880cdcab2ac557"}, {"url": "https://git.kernel.org/stable/c/663ce34786e759ebcbeb3060685c20bcc886d51a"}, {"url": "https://git.kernel.org/stable/c/786e2c2a87d9c505f33321d1fd23a176aa8ddeb1"}, {"url": "https://git.kernel.org/stable/c/4f0889f2df1ab99224a5e1ac4e20437eea5fe38e"}, {"url": "https://git.kernel.org/stable/c/42fd831abfc15d0643c14688f0522556b347e7e6"}, {"url": "https://git.kernel.org/stable/c/e38c55d9f834e5b848bfed0f5c586aaf45acb825"}], "title": "apparmor: fix memory leak in verify_header", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0931301A-390F-4D6A-95A4-6D822A49CA04", "versionEndExcluding": "5.10.253", "versionStartIncluding": "3.12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBEC0E5D-641C-4E98-A6D9-5799B10CE451", "versionEndExcluding": "6.1.169", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "346AD1FB-0CE8-4D9D-8E56-5EB1A4D06199", "versionEndExcluding": "6.18.18", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C65A7D85-C7C6-485E-AC35-66A374C73FAC", "versionEndExcluding": "6.19.8", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.12:-:*:*:*:*:*:*", "matchCriteriaId": "5BAA3B29-CC59-41A5-AFBD-D7C24E65FC2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix memory leak in verify_header\n\nThe function sets `*ns = NULL` on every call, leaking the namespace\nstring allocated in previous iterations when multiple profiles are\nunpacked. This also breaks namespace consistency checking since *ns\nis always NULL when the comparison is made.\n\nRemove the incorrect assignment.\nThe caller (aa_unpack) initializes *ns to NULL once before the loop,\nwhich is sufficient."}], "id": "CVE-2026-23403", "lastModified": "2026-04-24T18:39:58.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T09:16:15.803", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/42fd831abfc15d0643c14688f0522556b347e7e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f0889f2df1ab99224a5e1ac4e20437eea5fe38e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/663ce34786e759ebcbeb3060685c20bcc886d51a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6b79abcb3c985e153fcf9d395e1d4336081aabc2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/786e2c2a87d9c505f33321d1fd23a176aa8ddeb1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9d678eb0fe55c9195d9a253e8c5b82a87b930737"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bcf82c0c5a8b383fd2d5d8f3fd880cdcab2ac557"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e38c55d9f834e5b848bfed0f5c586aaf45acb825"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: apparmor: fix memory leak in verify_header", "id": "2453796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453796"}, "csaw": false, "cwe": "CWE-763", "details": ["A flaw was found in AppArmor within the Linux kernel. This vulnerability, located in the verify_header function, causes a memory leak by incorrectly handling namespace strings when multiple security profiles are processed. This can lead to a gradual depletion of system memory, potentially impacting system stability and the integrity of security policy enforcement."], "name": "CVE-2026-23403", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23403\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23403\nhttps://lore.kernel.org/linux-cve-announce/2026040111-CVE-2026-23403-f22c@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dd51c84857630e77c139afe4d9bba65fc051dc3f,663ce34786e759ebcbeb3060685c20bcc886d51a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dd51c84857630e77c139afe4d9bba65fc051dc3f,786e2c2a87d9c505f33321d1fd23a176aa8ddeb1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dd51c84857630e77c139afe4d9bba65fc051dc3f,4f0889f2df1ab99224a5e1ac4e20437eea5fe38e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dd51c84857630e77c139afe4d9bba65fc051dc3f,42fd831abfc15d0643c14688f0522556b347e7e6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dd51c84857630e77c139afe4d9bba65fc051dc3f,e38c55d9f834e5b848bfed0f5c586aaf45acb825)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.12"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,3.12)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.18,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.8,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc4,*)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T09:00:44.431939+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that contains the patch that removes the incorrect assignment in verify_header.", "If an immediate update is not possible, restrict which users can unpack AppArmor profiles and monitor system memory for gradual depletion.", "Apply the upstream patch once available from the Linux kernel maintainers."], "summary": {"action": "Apply patch", "impact": "Denial of Service via memory exhaustion"}, "threat_synthesis": {"affected_systems": "The flaw is present in all Linux kernel releases that include AppArmor before the commit that removes the incorrect assignment. Distributions shipping these kernel versions are therefore impacted; no specific version range is given, so all affected kernels prior to the patch should be considered vulnerable.", "description_and_impact": "The vulnerability resides in the AppArmor subsystem of the Linux kernel, where the function verify_header mistakenly assigns *ns to NULL on each call. This causes any namespace string allocated by previous iterations to be leaked, resulting in a cumulative memory leak that can eventually exhaust system memory. Additionally, the always\u2011NULL value breaks namespace consistency checks, potentially leading to further instability within the security framework.", "risk_and_exploitability": "EPSS indicates a probability of exploitation below 1% and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting a low likelihood of real\u2011world exploitation. Based on the description, it is inferred that an attacker requires local privileges and the ability to trigger repeated AppArmor profile unpacking to exploit the memory leak. The CVSS score is 5.5, and the impact is confined to denial of service through memory exhaustion rather than confidentiality or integrity compromise."}}}}, "created": "2026-04-02T07:49:41.207541+00:00", "updated": "2026-04-28T09:15:09.675874+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}