CVE-2026-45966

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix NULL pointer dereference in unix needs revalidation

When receiving file descriptors via SCM RIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer dereferences in unix needs revalidation().

This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new unix needs revalidation() function was added without proper NULL checks.

The crash manifests as: BUG: kernel NULL pointer dereference, address: 0x0000000000000018 RIP: aa file perm+0xb7/0x3b0 (or +0xbe/0x3b0, +0xc0/0x3e0) Call Trace: apparmor file receive+0x42/0x80 security file receive+0x2e/0x50 receive fd+0x1d/0xf0 scm detach fds+0xad/0x1c0

The function dereferences sock->sk->sk family without checking if either sock or sock->sk is NULL first.

Add NULL checks for both sock and sock->sk before accessing sk family.