Description
In the Linux kernel, the following vulnerability has been resolved:

apparmor: replace recursive profile removal with iterative approach

The profile removal code uses recursion when removing nested profiles,
which can lead to kernel stack exhaustion and system crashes.

Reproducer:
$ pf='a'; for ((i=0; i<1024; i++)); do
echo -e "profile $pf { \n }" | apparmor_parser -K -a;
pf="$pf//x";
done
$ echo -n a > /sys/kernel/security/apparmor/.remove

Replace the recursive __aa_profile_list_release() approach with an
iterative approach in __remove_profile(). The function repeatedly
finds and removes leaf profiles until the entire subtree is removed,
maintaining the same removal semantic without recursion.
Published: 2026-04-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Crash (Denial of Service)
Action: Immediate Patch
AI Analysis

Impact

The AppArmor subsystem in the Linux kernel originally used a recursive routine to delete nested security profiles. When a large hierarchy of profiles is removed, the unchecked recursion can exhaust the kernel stack and cause a panic, resulting in a complete system crash. This vulnerability is a classic resource‑exhaustion flaw associated with CWE‑770.

Affected Systems

Any system running a Linux kernel that includes the AppArmor module and has not yet migrated to the iterative profile removal logic is potentially vulnerable. The CVE does not provide a specific version range, so administrators should verify whether their current kernel implements the iterative approach found in recent kernel releases.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in CISA’s KEV catalog, indicating a low likelihood of real‑world exploitation. To reach the vulnerable code path an attacker would typically need the ability to create or delete many nested AppArmor profiles, which requires elevated privileges. If exploited, the outcome is a kernel panic and complete denial of service until a reboot.

Generated by OpenCVE AI on April 2, 2026 at 04:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that implements the iterative profile removal logic.
  • Verify that the updated kernel’s AppArmor module uses the new logic by reviewing recent release notes or change logs.
  • If an update is not available, consider disabling the AppArmor subsystem or restricting profile deletion permissions to mitigate the recursion path.
  • Monitor system logs for kernel stack exhaustion or panic messages that could indicate use of the vulnerable code path.

Generated by OpenCVE AI on April 2, 2026 at 04:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8152-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8164-1 Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8165-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8201-1 Linux kernel (Azure) vulnerabilities
History

Fri, 24 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 18 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
References

Thu, 02 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References

Wed, 01 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.
Title apparmor: replace recursive profile removal with iterative approach
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-18T08:58:37.883Z

Reserved: 2026-01-13T15:37:46.012Z

Link: CVE-2026-23404

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T09:16:15.977

Modified: 2026-04-24T18:40:10.777

Link: CVE-2026-23404

cve-icon Redhat

Severity :

Publid Date: 2026-04-01T00:00:00Z

Links: CVE-2026-23404 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:17:55Z

Weaknesses