PT-2026-29490 · Linux · Linux Kernel

Published: 2026-01-29 · Updated: 2026-05-07 · CVE-2026-23407

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19.0-rc7-next-20260127

Description: The Linux kernel contains a flaw in the AppArmor subsystem, specifically in the verify_dfa() function. This function lacks a bounds check on the DEFAULT table when handling differentially encoded states. A malformed DFA (Deterministic Finite Automaton) with a DEFAULT table entry exceeding the state count can lead to out-of-bounds reads and writes. The issue was identified through a KASAN (Kernel Address Sanitizer) report of a slab-out-of-bounds error during verification. The root cause is the missing validation of array indices when traversing the differential encoding chain.

Recommendations: Update the Linux kernel to version 6.19.0-rc7-next-20260127 or a later version that includes the fix.
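As an added illustration, not part of this advisory and not the kernel's own code, the following simplified C model shows the kind of check the description calls for: every index taken from the DEFAULT table is compared against the state count before it is used to index the table again, so a malformed chain is rejected during verification instead of being dereferenced later. The table layout, the names verify_default_table() and default_chain_length(), the convention that a chain terminates at state 0, and the three sample tables are all assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (an assumption, not the kernel's actual layout) of a DFA
 * whose transitions are differentially encoded: a state with no entry of its
 * own for an input defers to def[state], which may defer further, until the
 * chain reaches state 0 (the root state in this model). */
struct dfa_tables {
    uint32_t state_count;   /* valid state indices are [0, state_count) */
    const uint32_t *def;    /* DEFAULT table: one entry per state */
};

enum verify_result {
    DFA_OK = 0,
    DFA_ERR_EMPTY = -1,     /* no states at all */
    DFA_ERR_OOB = -2,       /* a DEFAULT entry points past the state count */
    DFA_ERR_LOOP = -3       /* a chain never reaches state 0 */
};

/* Verify every differential chain before any lookup code trusts the table.
 * Each hop is range-checked before def[] is indexed with it, so a malformed
 * entry is reported rather than used as an out-of-bounds index. The hop
 * counter bounds the walk to state_count steps, which also rejects cycles:
 * an acyclic chain over state_count states can never be longer than that. */
enum verify_result verify_default_table(const struct dfa_tables *t)
{
    if (t->state_count == 0)
        return DFA_ERR_EMPTY;
    for (uint32_t s = 0; s < t->state_count; s++) {
        uint32_t cur = s;       /* in range by construction of the loop */
        uint32_t hops = 0;
        while (cur != 0) {
            uint32_t next = t->def[cur];
            if (next >= t->state_count)
                return DFA_ERR_OOB;     /* the check the advisory says was missing */
            if (++hops > t->state_count)
                return DFA_ERR_LOOP;
            cur = next;
        }
    }
    return DFA_OK;
}

/* Number of hops from state s to the root along the DEFAULT chain. Meant to be
 * called only on a table that verify_default_table() accepted; it still keeps
 * its own guards so a caller that skips verification cannot read past def[]. */
uint32_t default_chain_length(const struct dfa_tables *t, uint32_t s)
{
    uint32_t hops = 0;
    while (s != 0 && s < t->state_count && hops <= t->state_count) {
        s = t->def[s];
        hops++;
    }
    return hops;
}

/* Constructed sample tables, four states each. */
static const uint32_t good_def[] = { 0, 0, 1, 2 };  /* 3 -> 2 -> 1 -> 0 */
static const uint32_t oob_def[]  = { 0, 0, 7, 2 };  /* state 2 defers to state 7 */
static const uint32_t loop_def[] = { 0, 2, 1, 0 };  /* 1 <-> 2 never reach 0 */

const struct dfa_tables sample_good = { 4, good_def };
const struct dfa_tables sample_oob  = { 4, oob_def };
const struct dfa_tables sample_loop = { 4, loop_def };

int main(void)
{
    printf("good: %d\n", verify_default_table(&sample_good));   /* 0  */
    printf("oob:  %d\n", verify_default_table(&sample_oob));    /* -2 */
    printf("loop: %d\n", verify_default_table(&sample_loop));   /* -3 */
    printf("chain length of state 3 in good table: %u\n",
           default_chain_length(&sample_good, 3));              /* 3  */
    return 0;
}
```

The point of the shape is that the range check sits on the value read from the table, before that value becomes an index, and that the walk is bounded by a counter rather than by trusting the data to terminate.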

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2026-07606
CVE-2026-23407
OESA-2026-1950
OESA-2026-2172
OESA-2026-2176
USN-8098-10
USN-8152-1
USN-8163-1
USN-8163-2
USN-8164-1
USN-8165-1
USN-8201-1
USN-8224-1
USN-8243-1
USN-8261-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu