Back to CVE List

CVE-2026-23408

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.8 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

apparmor: Fix double free of ns_name in aa_replace_profiles()

if ns_name is NULL after
1071 error = aa_unpack(udata, &lh, &ns_name);

and if ent->ns_name contains an ns_name in
1089 } else if (ent->ns_name) {

then ns_name is assigned the ent->ns_name
1095 ns_name = ent->ns_name;

however ent->ns_name is freed at
1262 aa_load_ent_free(ent);

and then again when freeing ns_name at
1270 kfree(ns_name);

Fix this by NULLing out ent->ns_name after it is transferred to ns_name

")

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Linux
Product
Linux

External References

Discussion (0)

Add Comment

No comments yet. Be the first!