CVE-2026-23410

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a race condition within the AppArmor subsystem that can lead to a use-after-free situation. This occurs because rawdata inodes are not properly reference counted, allowing an attacker to manipulate the system such that memory is accessed after it has been freed. Specifically, an attacker can open rawdata files while simultaneously removing the last reference to the rawdata, leading to a dangling pointer in seq rawdata open() and subsequent access to freed memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-911CWE-416

Related Identifiers

BDU:2026-07608

CVE-2026-23410

OESA-2026-1862

OESA-2026-1863

OESA-2026-1864

OESA-2026-1950

USN-8098-10

USN-8152-1

USN-8163-1

USN-8163-2

USN-8164-1

USN-8165-1

USN-8201-1

USN-8224-1

USN-8243-1

USN-8261-1

USN-8266-1

USN-8267-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23410

Weakness Enumeration

Related Identifiers

Affected Products

References · 924