CVE-2026-46254

In the Linux kernel, the following vulnerability has been resolved:

AppArmor: Allow apparmor to handle unaligned dfa tables

The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures. Resulting in the following

[   73.901376] WARNING: CPU: 0 PID: 341 at security/apparmor/match.c:316 aa dfa unpack+0x6cc/0x720 [   74.015867] Modules linked in: binfmt misc evdev flash sg drm drm panel orientation quirks backlight i2c core configfs nfnetlink autofs4 ext4 crc16 mbcache jbd2 hid generic usbhid sr mod hid cdrom sd mod ata generic ohci pci ehci pci ehci hcd ohci hcd pata ali libata sym53c8xx scsi transport spi tg3 scsi mod usbcore libphy scsi common mdio bus usb common [   74.428977] CPU: 0 UID: 0 PID: 341 Comm: apparmor parser Not tainted 6.18.0-rc6+ #9 NONE [   74.536543] Call Trace: [   74.568561] [<0000000000434c24>] dump stack+0x8/0x18 [   74.633757] [<0000000000476438>] warn+0xd8/0x100 [   74.696664] [<00000000004296d4>] warn slowpath fmt+0x34/0x74 [   74.771006] [<00000000008db28c>] aa dfa unpack+0x6cc/0x720 [   74.843062] [<00000000008e643c>] unpack pdb+0xbc/0x7e0 [   74.910545] [<00000000008e7740>] unpack profile+0xbe0/0x1300 [   74.984888] [<00000000008e82e0>] aa unpack+0xe0/0x6a0 [   75.051226] [<00000000008e3ec4>] aa replace profiles+0x64/0x1160 [   75.130144] [<00000000008d4d90>] policy update+0xf0/0x280 [   75.201057] [<00000000008d4fc8>] profile replace+0xa8/0x100 [   75.274258] [<0000000000766bd0>] vfs write+0x90/0x420 [   75.340594] [<00000000007670cc>] ksys write+0x4c/0xe0 [   75.406932] [<0000000000767174>] sys write+0x14/0x40 [   75.472126] [<0000000000406174>] linux sparc syscall+0x34/0x44 [   75.548802] ---[ end trace 0000000000000000 ]--- [   75.609503] dfa blob stream 0xfff0000008926b96 not aligned. [   75.682695] Kernel unaligned access at TPC[8db2a8] aa dfa unpack+0x6e8/0x720

Work around it by using the get unaligned xx() helpers.