Bug 2453795 (CVE-2026-23405)

Summary: CVE-2026-23405 kernel: apparmor: fix: limit the number of levels of policy namespaces
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the AppArmor security module within the Linux kernel. A local user could exploit this vulnerability by creating and nesting policy namespaces without limit. This unbounded nesting can lead to the exhaustion of system resources, resulting in a Denial of Service (DoS) for the affected system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-04-01 10:02:07 UTC 
In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix: limit the number of levels of policy namespaces

Currently the number of policy namespaces is not bounded relying on
the user namespace limit. However policy namespaces aren't strictly
tied to user namespaces and it is possible to create them and nest
them arbitrarily deep which can be used to exhaust system resource.

Hard cap policy namespaces to the same depth as user namespaces.
Comment 1 Alexander B 2026-04-01 10:51:12 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026040111-CVE-2026-23405-0e7a@gregkh/T