Description
In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix race between freeing data and fs accessing it

AppArmor was putting the reference to i_private data on its end after
removing the original entry from the file system. However the inode
can aand does live beyond that point and it is possible that some of
the fs call back functions will be invoked after the reference has
been put, which results in a race between freeing the data and
accessing it through the fs.

While the rawdata/loaddata is the most likely candidate to fail the
race, as it has the fewest references. If properly crafted it might be
possible to trigger a race for the other types stored in i_private.

Fix this by moving the put of i_private referenced data to the correct
place which is during inode eviction.
Published: 2026-04-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Use‑after‑free in the kernel can trigger crashes or memory corruption leading to denial of service and potential privilege escalation
Action: Apply Patch
AI Analysis

Impact

A race condition exists in the AppArmor subsystem of the Linux kernel where a reference to inode private data is cleared before related filesystem callbacks execute. The freed data may be accessed by these callbacks, causing the kernel to read or write freed memory. If an attacker can orchestrate the timing of these operations, the race can lead to a kernel panic, denial of service, or, in the worst case, a privilege‑escalation scenario through memory corruption.

Affected Systems

All Linux kernel releases prior to the applied security fix are affected. The vulnerability is present in standard Linux distributions and any custom kernels that include the flawed AppArmor code paths. Specific affected kernel versions are not listed, so any kernel before the upstream patch should be considered vulnerable.

Risk and Exploitability

The vulnerability scores a CVSS of 7.8, indicating high severity. EPSS is below 1%, suggesting a low probability of exploitation in the wild. It is not included in the CISA KEV catalog, further indicating limited active exploitation. The likely attack vector involves manipulating AppArmor policies or privileged system calls to trigger the race; however, the exact prerequisites are not detailed in the advisory and are inferred from the nature of the race condition.

Generated by OpenCVE AI on April 2, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the AppArmor race fix
  • If a kernel update is not immediately available, consider disabling AppArmor or removing relevant AppArmor profiles to eliminate the vulnerable code path
  • Verify that the operating system’s kernel address space layout randomization and other memory protection mitigations are enabled to reduce the likelihood of a successful exploitation attempt

Generated by OpenCVE AI on April 2, 2026 at 16:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8152-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8164-1 Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8165-1 Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8163-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8201-1 Linux kernel (Azure) vulnerabilities
History

Fri, 24 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CPEs cpe:2.3:o:linux:linux_kernel:4.13:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Sat, 18 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
References

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 02 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References

Wed, 01 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that point and it is possible that some of the fs call back functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. While the rawdata/loaddata is the most likely candidate to fail the race, as it has the fewest references. If properly crafted it might be possible to trigger a race for the other types stored in i_private. Fix this by moving the put of i_private referenced data to the correct place which is during inode eviction.
Title apparmor: fix race between freeing data and fs accessing it
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-18T08:58:47.307Z

Reserved: 2026-01-13T15:37:46.013Z

Link: CVE-2026-23411

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T09:16:17.270

Modified: 2026-04-24T15:23:12.077

Link: CVE-2026-23411

cve-icon Redhat

Severity :

Publid Date: 2026-04-01T00:00:00Z

Links: CVE-2026-23411 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:22:27Z

Weaknesses