2453799 – (CVE-2026-23404) CVE-2026-23404 kernel: apparmor: replace recursive profile removal with iterative approach

Bug 2453799 (CVE-2026-23404) - CVE-2026-23404 kernel: apparmor: replace recursive profile removal with iterative approach

Summary: CVE-2026-23404 kernel: apparmor: replace recursive profile removal with itera...

Keywords:
Status:	NEW
Alias:	CVE-2026-23404
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-01 10:02 UTC by OSIDB Bzimport
Modified:	2026-04-01 10:50 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-01 10:02:24 UTC

In the Linux kernel, the following vulnerability has been resolved:

apparmor: replace recursive profile removal with iterative approach

The profile removal code uses recursion when removing nested profiles,
which can lead to kernel stack exhaustion and system crashes.

Reproducer:
  $ pf='a'; for ((i=0; i<1024; i++)); do
      echo -e "profile $pf { \n }" | apparmor_parser -K -a;
      pf="$pf//x";
  done
  $ echo -n a > /sys/kernel/security/apparmor/.remove

Replace the recursive __aa_profile_list_release() approach with an
iterative approach in __remove_profile(). The function repeatedly
finds and removes leaf profiles until the entire subtree is removed,
maintaining the same removal semantic without recursion.

Comment 1 Alexander B 2026-04-01 10:47:05 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026040111-CVE-2026-23404-8b0b@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.