CVE-2026-23405
MEDIUMapparmor: fix: limit the number of levels of policy namespaces
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying on the user namespace limit. However policy namespaces aren't strictly tied to user namespaces and it is possible to create them and nest them arbitrarily deep which can be used to exhaust system resource. Hard cap policy namespaces to the same depth as user namespaces.
References (8)
Core 8
Core References
Scores
CVSS v3
5.5
EPSS
0.0018
EPSS Percentile
7.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (29)
linux/Kernel
2.6.36 - 5.10.253linux
linux/Kernel
5.11.0 - 5.15.203linux
linux/Kernel
5.16.0 - 6.1.169linux
linux/Kernel
6.13.0 - 6.18.18linux
linux/Kernel
6.19.0 - 6.19.8linux
linux/Kernel
6.2.0 - 6.6.130linux
linux/Kernel
6.7.0 - 6.12.77linux
Linux/Linux
< 2.6.36
Linux/Linux
2.6.36
Linux/Linux
5.10.253 - 5.10.*
... and 19 more
Published
Apr 01, 2026
Tracked Since
Apr 01, 2026