CVE-2026-23404

Description

In the Linux kernel, the following vulnerability has been resolved:apparmor: replace recursive profile removal with iterative approachThe profile removal code uses recursion when removing nested profiles,which can lead to kernel stack exhaustion and system crashes.Reproducer: $ pf=a; for ((i=0; i<1024; i++)); do echo -e profile $pf { n } | apparmor_parser -K -a; pf=$pf//x; done $ echo -n a > /sys/kernel/security/apparmor/.removeReplace the recursive __aa_profile_list_release() approach with aniterative approach in __remove_profile(). The function repeatedlyfinds and removes leaf profiles until the entire subtree is removed,maintaining the same removal semantic without recursion.

Risk Information

Base Score

9.1

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score

Exploitation Probability

0.018

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234