CVE-2026-23409

MEDIUM

apparmor: fix differential encoding verification

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encode verification had two bugs. 1. it conflated states that had gone through check and already been marked, with states that were currently being checked and marked. This means that loops in the current chain being verified are treated as a chain that has already been verified. 2. the order bailout on already checked states compared current chain check iterators j,k instead of using the outer loop iterator i. Meaning a step backwards in states in the current chain verification was being mistaken for moving to an already verified state. Move to a double mark scheme where already verified states get a different mark, than the current chain being kept. This enables us to also drop the backwards verification check that was the cause of the second error as any already verified state is already marked.

Scores

CVSS v3 5.5
EPSS 0.0018
EPSS Percentile 7.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (29)
linux/Kernel 4.17.0 - 5.10.253linux
linux/Kernel 5.11.0 - 5.15.203linux
linux/Kernel 5.16.0 - 6.1.169linux
linux/Kernel 6.13.0 - 6.18.18linux
linux/Kernel 6.19.0 - 6.19.8linux
linux/Kernel 6.2.0 - 6.6.130linux
linux/Kernel 6.7.0 - 6.12.77linux
Linux/Linux < 4.17
Linux/Linux 031dcc8f4e84fea37dc6f78fdc7288aa7f8386c3 - 0fab44285445e9012674396d5c1236a67da518e0
Linux/Linux 031dcc8f4e84fea37dc6f78fdc7288aa7f8386c3 - 1439150cd3c411228b387ab5efca92199d2a659a
... and 19 more
Published Apr 01, 2026
Tracked Since Apr 01, 2026