Description
In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix memory leak in verify_header

The function sets `*ns = NULL` on every call, leaking the namespace
string allocated in previous iterations when multiple profiles are
unpacked. This also breaks namespace consistency checking since *ns
is always NULL when the comparison is made.

Remove the incorrect assignment.
The caller (aa_unpack) initializes *ns to NULL once before the loop,
which is sufficient.
Published: 2026-04-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via memory exhaustion
Action: Apply patch
AI Analysis

Impact

The vulnerability resides in the AppArmor subsystem of the Linux kernel, where the function verify_header mistakenly assigns *ns to NULL on each call. This causes any namespace string allocated by previous iterations to be leaked, resulting in a cumulative memory leak that can eventually exhaust system memory. Additionally, the always‑NULL value breaks namespace consistency checks, potentially leading to further instability within the security framework.

Affected Systems

The flaw is present in all Linux kernel releases that include AppArmor before the commit that removes the incorrect assignment. Distributions shipping these kernel versions are therefore impacted; no specific version range is given, so all affected kernels prior to the patch should be considered vulnerable.

Risk and Exploitability

EPSS indicates a probability of exploitation below 1% and the vulnerability is not listed in CISA’s KEV catalog, suggesting a low likelihood of real‑world exploitation. Based on the description, it is inferred that an attacker requires local privileges and the ability to trigger repeated AppArmor profile unpacking to exploit the memory leak. The CVSS score is not provided in the input, but the impact is confined to denial of service through memory exhaustion rather than confidentiality or integrity compromise.

Generated by OpenCVE AI on April 2, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that contains the patch that removes the incorrect assignment in verify_header.
  • If an immediate update is not possible, restrict which users can unpack AppArmor profiles and monitor system memory for gradual depletion.
  • Apply the upstream patch once available from the Linux kernel maintainers.

Generated by OpenCVE AI on April 2, 2026 at 02:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8152-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8164-1 Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8165-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8201-1 Linux kernel (Azure) vulnerabilities
History

Fri, 24 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:3.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 18 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
References

Thu, 02 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-763
References

Wed, 01 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checking since *ns is always NULL when the comparison is made. Remove the incorrect assignment. The caller (aa_unpack) initializes *ns to NULL once before the loop, which is sufficient.
Title apparmor: fix memory leak in verify_header
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-18T08:58:36.504Z

Reserved: 2026-01-13T15:37:46.012Z

Link: CVE-2026-23403

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T09:16:15.803

Modified: 2026-04-24T18:39:58.850

Link: CVE-2026-23403

cve-icon Redhat

Severity :

Publid Date: 2026-04-01T00:00:00Z

Links: CVE-2026-23403 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:17:56Z

Weaknesses