Description
In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix NULL sock in aa_sock_file_perm

Deal with the potential that sock and sock-sk can be NULL during
socket setup or teardown. This could lead to an oops. The fix for NULL
pointer dereference in __unix_needs_revalidation shows this is at
least possible for af_unix sockets. While the fix for af_unix sockets
applies for newer mediation this is still the fall back path for older
af_unix mediation and other sockets, so ensure it is covered.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, AppArmor’s socket permission logic contained a flaw that caused a NULL pointer dereference during the setup or teardown of sockets. When the kernel attempted to reference a null socket or socket‑sk structure, an oops occurred, which can crash the kernel and bring the system to a halt. This defect is a classic null‑pointer dereference, identified as CWE‑476. No direct code execution or escalation was described in the official text.

Affected Systems

All Linux kernel releases that have not incorporated the AppArmor fix are potentially affected. The vendor identified is Linux; the product is the Linux kernel. No specific affected version range is supplied in the vendor data, so any kernel build before the commit that implements the null‑pointer check is vulnerable.

Risk and Exploitability

The CVSS and EPSS scores are not provided, and the issue is not listed in the CISA KEV catalog. Because the flaw involves the kernel's socket handling, it likely requires local interaction that can create or manipulate sockets, potentially including processes with elevated privileges. The risk is primarily for denial of service through a kernel crash, and the most plausible attack vector is inferred to be local exploitation, requiring code that can influence socket configuration.

Generated by OpenCVE AI on May 27, 2026 at 15:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel update that includes the AppArmor null‑pointer dereference fix.
  • Reload or refresh AppArmor profiles so the updated logic is active.
  • If an update cannot be applied immediately, restrict the creation of AF_UNIX and other sockets from untrusted or non‑privileged processes to reduce the chance of triggering the flaw.

Generated by OpenCVE AI on May 27, 2026 at 15:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aa_sock_file_perm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in __unix_needs_revalidation shows this is at least possible for af_unix sockets. While the fix for af_unix sockets applies for newer mediation this is still the fall back path for older af_unix mediation and other sockets, so ensure it is covered.
Title apparmor: fix NULL sock in aa_sock_file_perm
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:15:12.310Z

Reserved: 2026-05-13T15:03:33.078Z

Link: CVE-2026-45848

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:56.700

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45848

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T16:30:36Z

Weaknesses