CVE-2026-23405

Description

In the Linux kernel, the following vulnerability has been resolved:apparmor: fix: limit the number of levels of policy namespacesCurrently the number of policy namespaces is not bounded relying onthe user namespace limit. However policy namespaces arent strictlytied to user namespaces and it is possible to create them and nestthem arbitrarily deep which can be used to exhaust system resource.Hard cap policy namespaces to the same depth as user namespaces.

Risk Information

Base Score

7.8

MODERATE

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.018

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234