CVE-2026-23405

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in apparmor where the number of policy namespaces is not bounded, potentially leading to resource exhaustion through arbitrary nesting. This issue is not strictly tied to user namespaces, allowing for the creation and nesting of policy namespaces to an unlimited depth.

Recommendations Limit the depth of policy namespaces to match the depth of user namespaces.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23405

OESA-2026-1862

OESA-2026-1863

OESA-2026-1864

OESA-2026-1950

USN-8098-10

USN-8152-1

USN-8163-1

USN-8163-2

USN-8164-1

USN-8165-1

USN-8201-1

USN-8224-1

USN-8243-1

USN-8261-1

USN-8266-1

USN-8267-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23405

Related Identifiers

Affected Products

References · 921