2453796 – (CVE-2026-23403) CVE-2026-23403 kernel: apparmor: fix memory leak in verify_header

Bug 2453796 (CVE-2026-23403) - CVE-2026-23403 kernel: apparmor: fix memory leak in verify_header

Summary: CVE-2026-23403 kernel: apparmor: fix memory leak in verify_header

Keywords:
Status:	NEW
Alias:	CVE-2026-23403
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-01 10:02 UTC by OSIDB Bzimport
Modified:	2026-04-01 13:39 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-01 10:02:12 UTC

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix memory leak in verify_header

The function sets `*ns = NULL` on every call, leaking the namespace
string allocated in previous iterations when multiple profiles are
unpacked. This also breaks namespace consistency checking since *ns
is always NULL when the comparison is made.

Remove the incorrect assignment.
The caller (aa_unpack) initializes *ns to NULL once before the loop,
which is sufficient.

Comment 1 Alexander B 2026-04-01 13:35:44 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026040111-CVE-2026-23403-f22c@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.