Description
In the Linux kernel, the following vulnerability has been resolved:

apparmor: replace recursive profile removal with iterative approach

The profile removal code uses recursion when removing nested profiles,
which can lead to kernel stack exhaustion and system crashes.

Reproducer:
$ pf='a'; for ((i=0; i<1024; i++)); do
echo -e "profile $pf { \n }" | apparmor_parser -K -a;
pf="$pf//x";
done
$ echo -n a > /sys/kernel/security/apparmor/.remove

Replace the recursive __aa_profile_list_release() approach with an
iterative approach in __remove_profile(). The function repeatedly
finds and removes leaf profiles until the entire subtree is removed,
maintaining the same removal semantic without recursion.
Published: 2026-04-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Crash (Denial of Service)
Action: Immediate Patch
AI Analysis

Impact

The AppArmor subsystem in the Linux kernel originally used a recursive routine to delete nested security profiles. When a large hierarchy of profiles is removed, the unchecked recursion can exhaust the kernel stack and cause a panic, resulting in a complete system crash. This vulnerability is a classic resource‑exhaustion flaw associated with CWE‑770. Based on the description, it is inferred that an attacker would need the ability to create or delete many nested AppArmor profiles, which requires elevated privileges.

Affected Systems

Any system running a Linux kernel that includes the AppArmor module and has not yet migrated to the iterative profile removal logic is potentially vulnerable. The CVE does not provide a specific version range, so administrators should verify whether their current kernel implements the iterative approach found in recent kernel releases.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in CISA’s KEV catalog, indicating a low likelihood of real‑world exploitation. Based on the description, it is inferred that an attacker would need the ability to create or delete many nested AppArmor profiles, which typically requires elevated privileges. If exploited, the outcome is a kernel panic and complete denial of service until a reboot. The CVSS score of 5.5 classifies the vulnerability as medium severity.

Generated by OpenCVE AI on April 28, 2026 at 21:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that implements the iterative profile removal logic.
  • If an update is not available, consider disabling the AppArmor subsystem or restricting profile deletion permissions to mitigate the recursion path.
  • Monitor system logs for kernel stack exhaustion or panic messages that could indicate use of the vulnerable code path.

Advisories
Source      ID          Title
Ubuntu USN  USN-8152-1  Linux kernel (OEM) vulnerabilities
Ubuntu USN  USN-8163-1  Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN  USN-8164-1  Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN  USN-8165-1  Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN  USN-8163-2  Linux kernel (Azure) vulnerabilities
Ubuntu USN  USN-8201-1  Linux kernel (Azure) vulnerabilities
Ubuntu USN  USN-8224-1  Linux kernel (BlueField) vulnerabilities
Ubuntu USN  USN-8243-1  Linux kernel (Azure) vulnerabilities
Ubuntu USN  USN-8261-1  Linux kernel (Xilinx) vulnerabilities
Ubuntu USN  USN-8266-1  Linux kernel vulnerabilities
Ubuntu USN  USN-8267-1  Linux kernel vulnerabilities
History

Fri, 24 Apr 2026 18:45:00 +0000

Type         Values Removed   Values Added
Weaknesses                    NVD-CWE-noinfo
CPEs                          cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
                              cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
                              cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
                              cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
                              cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
                              cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
                              cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
                              cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics                       cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 18 Apr 2026 09:15:00 +0000

Thu, 02 Apr 2026 00:15:00 +0000

Wed, 01 Apr 2026 09:15:00 +0000

Type                  Values Removed   Values Added
Description                            (full text as in the Description section at the top of this page)
Title                                  apparmor: replace recursive profile removal with iterative approach
First Time appeared                    Linux; Linux linux Kernel
CPEs                                   cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products                     Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:06:15.286Z

Reserved: 2026-01-13T15:37:46.012Z

Link: CVE-2026-23404

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-01T09:16:15.977

Modified: 2026-04-24T18:40:10.777

Link: CVE-2026-23404

Redhat

Severity :

Public Date: 2026-04-01T00:00:00Z

Links: CVE-2026-23404 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T22:00:14Z

Weaknesses