Description
In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix rlimit for posix cpu timers

Posix cpu timers requires an additional step beyond setting the rlimit.
Refactor the code so it's clear when what code is setting the
limit and conditionally update the posix cpu timers when appropriate.
Published: 2026-06-09
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the Linux kernel's AppArmor subsystem, where setting an rlimit did not perform the additional step that POSIX CPU timers require, so CPU time limits were not correctly applied. As a result, a process can bypass the resource limits intended to throttle CPU usage, potentially leading to resource exhaustion or denial of service. The issue maps to CWE-770 (Allocation of Resources Without Limits or Throttling): a resource limit is configured but not properly enforced by the operating system.

Affected Systems

All Linux kernel builds that contain the incorrect rlimit handling for POSIX CPU timers before the commit that introduces this fix are affected. Vendor information indicates Linux as the affected platform, but specific kernel version ranges are not listed in the available data, so administrators should assess whether their running kernel includes this bug.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is unavailable, leaving the exact severity uncertain. Based on the description, it is inferred that the vulnerability requires local access to the system to trigger, as it is a kernel‑level resource limit enforcement flaw. A local attacker, particularly one with kernel or elevated privileges, could exploit the flaw to increase CPU usage beyond intended limits, potentially denying service to other users or processes. The lack of a public exploit and its presence in the kernel suggest a moderate to high risk if the affected kernel is in use, though precise impact depends on system configuration and workload patterns. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 10, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the fix for CVE‑2026‑46328
  • Reboot the system so that the updated kernel is loaded
  • As an interim measure, manually set appropriate CPU limit values before launching critical or untrusted processes using setrlimit or the ulimit command to enforce desired restrictions

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-688

Wed, 10 Jun 2026 00:15:00 +0000


Tue, 09 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-688

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so it's clear when what code is setting the limit and conditionally update the posix cpu timers when appropriate.
Title apparmor: fix rlimit for posix cpu timers
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-09T12:25:57.629Z

Reserved: 2026-05-13T15:03:33.112Z

Link: CVE-2026-46328

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-09T14:16:42.500

Modified: 2026-06-09T14:16:42.500

Link: CVE-2026-46328

Redhat

Severity :

Public Date: 2026-06-09T00:00:00Z

Links: CVE-2026-46328 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T03:30:16Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling