PT-2026-26129 · Linux+2 · Linux Kernel+2

Published

2026-01-01

·

Updated

2026-05-11

·

CVE-2026-23269

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the AppArmor subsystem related to the handling of Deterministic Finite Automata (DFA) start states during policy unpacking. Specifically, the unpack pdb() function reads start states from untrusted data, which are then used as indexes into the DFA state tables. If a start state value exceeds the defined number of states within the DFA, an out-of-bounds read can occur when the aa dfa next() function accesses dfa->tables[YYTD ID BASE][start]. This can lead to a kernel memory corruption issue. The issue is addressed by rejecting policies with out-of-bounds start states during unpacking.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2026-23269
LSN-0119-1
OESA-2026-1946
OESA-2026-1947
OESA-2026-1948
OESA-2026-1950
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:0961-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:0984-1
SUSE-SU-2026:1003-1
SUSE-SU-2026:1041-1
SUSE-SU-2026:1077-1
SUSE-SU-2026:1078-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:1131-1
SUSE-SU-2026:2068-1
SUSE-SU-2026:2111-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1
SUSE-SU-2026:21876-1
SUSE-SU-2026:21877-1
SUSE-SU-2026:21916-1
SUSE-SU-2026:21919-1
SUSE-SU-2026:2195-1
SUSE-SU-2026:2202-1
SUSE-SU-2026:2215-1
SUSE-SU-2026:2216-1
SUSE-SU-2026:2217-1
SUSE-SU-2026:2238-1
USN-8098-10
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8164-1
USN-8165-1
USN-8201-1
USN-8224-1
USN-8243-1
USN-8261-1
USN-8266-1
USN-8267-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu