PT-2026-26128 · AppArmor+3
Published 2026-01-01 · Updated 2026-05-11
CVE-2026-23268
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A confused deputy attack can potentially give an unprivileged local user privileged policy management capabilities within the Linux kernel: the user loads, replaces, or removes AppArmor profiles by exploiting the apparmorfs interfaces. The attack involves passing a file descriptor to a privileged process, which then performs a write operation to the interface on behalf of the unprivileged user. Successful exploitation could lead to removing confinement, causing a denial-of-service (DoS) condition for system or target applications, bypassing unprivileged user namespace restrictions, or potentially exploiting kernel bugs for local privilege escalation.

The issue arises because the policy management interface cannot simply have its permissions restricted without impacting legitimate use cases. The core problem is that unconfined processes can delegate access to the opened file descriptor, bypassing the standard policy check.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
AppArmor
Linux Mint
Linux Kernel
Ubuntu