CVE-2026-45884

NONE EPSS 5.0%
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

apparmor: avoid per-cpu hold underflow in aa_get_buffer

When aa_get_buffer() pulls from the per-cpu list it unconditionally decrements cache->hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINT_MAX. This keeps hold non-zero for a very long time, so aa_put_buffer() never returns buffers to the global list, which can starve other CPUs and force repeated kmalloc(aa_g_path_max) allocations.

Guard the decrement so hold never underflows.
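The following user-space model is an added illustration of the counter behaviour described above; it is not the kernel's code. Only the field names `hold` and `count` come from the description. The struct, the function names, the starting state and the round count are assumptions made for the example.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical model of one per-CPU cache: no lists, only the two counters. */
struct cache_model {
    unsigned int hold;   /* while non-zero, a put keeps the buffer local */
    unsigned int count;  /* buffers currently parked on the local list */
};

/* Behaviour described as vulnerable: hold is decremented unconditionally. */
void get_unguarded(struct cache_model *c) {
    if (c->count == 0) return;   /* nothing local to take */
    c->hold--;                   /* 0 - 1 wraps to UINT_MAX */
    c->count--;
}

/* Behaviour described as fixed: the decrement is guarded. */
void get_guarded(struct cache_model *c) {
    if (c->count == 0) return;
    if (c->hold) c->hold--;
    c->count--;
}

/* Returns 1 when the buffer would go back to the global list, 0 if kept local. */
int put_model(struct cache_model *c) {
    if (c->hold == 0) return 1;
    c->count++;
    return 0;
}

/* Constructed starting state: hold = 1 with 3 buffers cached, then two gets. */
unsigned int hold_after_drain(void (*get)(struct cache_model *)) {
    struct cache_model c = { .hold = 1, .count = 3 };
    get(&c); get(&c);            /* the second get runs with hold == 0 */
    return c.hold;
}

/* Counts how many of `rounds` put/get cycles return a buffer to the global list. */
unsigned int puts_reaching_global(void (*get)(struct cache_model *), unsigned int rounds) {
    struct cache_model c = { .hold = 1, .count = 3 };
    unsigned int to_global = 0;
    get(&c); get(&c);
    for (unsigned int i = 0; i < rounds; i++) { to_global += put_model(&c); get(&c); }
    return to_global;
}

int main(void) {
    printf("unguarded: hold=%u global_puts=%u\n", hold_after_drain(get_unguarded), puts_reaching_global(get_unguarded, 1000));
    printf("guarded:   hold=%u global_puts=%u\n", hold_after_drain(get_guarded), puts_reaching_global(get_guarded, 1000));
    return 0;
}
```

In the unguarded run the wrapped `hold` keeps every returned buffer on the local list, which is the starvation of other CPUs the description refers to.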

Threat Intelligence

EPSS Exploit Probability
5.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 4

  • git.kernel.org https://git.kernel.org/stable/c/202824a1f89a9786c20a3d646a7c88d223abb1b2
  • git.kernel.org https://git.kernel.org/stable/c/4bcddd0f6b2e52b4c7b520e4d36a115caf5b7169
  • git.kernel.org https://git.kernel.org/stable/c/640cf2f09575c9dc344b3f7be2498d31e3923ead
  • git.kernel.org https://git.kernel.org/stable/c/80c334acc6d0bee8605a358a33e69b4aea1ffb92

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.