CVE-2026-23411

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel's AppArmor component contained a race condition between freeing data and filesystem access to it. AppArmor was releasing the reference to i private data after removing the original entry from the filesystem. However, the inode could still be accessed by filesystem callback functions after the reference was released, leading to a potential race condition where the data could be freed while still being accessed. The rawdata/loaddata functionality was identified as the most likely candidate for triggering this race, but it was possible to trigger it for other types of data stored in i private.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-825

Related Identifiers

BDU:2026-07605

CVE-2026-23411

OESA-2026-1862

OESA-2026-1863

OESA-2026-1864

OESA-2026-1950

USN-8098-10

USN-8152-1

USN-8163-1

USN-8163-2

USN-8164-1

USN-8165-1

USN-8201-1

USN-8224-1

USN-8243-1

USN-8261-1

USN-8266-1

USN-8267-1

Affected Products

Apparmor

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23411

Weakness Enumeration

Related Identifiers

Affected Products

References · 924