CVE-2026-23411

Description

In the Linux kernel, the following vulnerability has been resolved:apparmor: fix race between freeing data and fs accessing itAppArmor was putting the reference to i_private data on its end afterremoving the original entry from the file system. However the inodecan aand does live beyond that point and it is possible that some ofthe fs call back functions will be invoked after the reference hasbeen put, which results in a race between freeing the data andaccessing it through the fs.While the rawdata/loaddata is the most likely candidate to fail therace, as it has the fewest references. If properly crafted it might bepossible to trigger a race for the other types stored in i_private.Fix this by moving the put of i_private referenced data to the correctplace which is during inode eviction.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.012

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234