CVE-2026-23269

HIGH EPSS 3.0%
Published Mar 18, 20263mo ago · Modified May 29, 20261mo ago
7.1 CVSS 3.1
High
Find Similar
Published Mar 18, 2026 3mo ago
Last Modified May 29, 2026 1mo ago

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next() function call in unpack_pdb() will access dfa->tables[YYTD_ID_BASE][start], and if the start state exceeds the number of states in the DFA, this results in an out-of-bound read. ================================================================== BUG: KASAN: slab-out-of-bounds in aa_dfa_next+0x2a1/0x360 Read of size 4 at addr ffff88811956fb90 by task su/1097 ... Reject policies with out-of-bounds start states during unpacking to prevent the issue.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥3.4  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.169
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.77
linuxlinux_kernel*≥6.13  –  <6.18.18
linuxlinux_kernel*≥6.19  –  <6.19.8
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/07cf6320f40ea2ccfad63728cff34ecb309d03da
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0baadb0eece2c4d939db10d3c323b4652ac79a58
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/15c3eb8916e7db01cb246d04a1fe6f0fdc065b0c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3bb7db43e32190c973d4019037cedb7895920184
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5443c027ec16afa55b1b8a3e7a1ab2ea3c77767a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5487871b2b56c19d26936ed6fdc62652b30941df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9063d7e2615f4a7ab321de6b520e23d370e58816
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f43eea8ae0102ea198da211ef7f5ce83725ecf19
    Patch
  • qualys.com https://www.qualys.com/2026/03/10/crack-armor.txt
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/07cf6320f40ea2ccfad63728cff34ecb309d03da
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0baadb0eece2c4d939db10d3c323b4652ac79a58
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/15c3eb8916e7db01cb246d04a1fe6f0fdc065b0c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3bb7db43e32190c973d4019037cedb7895920184
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5443c027ec16afa55b1b8a3e7a1ab2ea3c77767a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5487871b2b56c19d26936ed6fdc62652b30941df
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9063d7e2615f4a7ab321de6b520e23d370e58816
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f43eea8ae0102ea198da211ef7f5ce83725ecf19
    Patch