Linux Kernel AppArmor verify_header Mem Leak
CVE-2026-23403 Published on April 1, 2026
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix memory leak in verify_header
The function sets `*ns = NULL` on every call, leaking the namespace
string allocated in previous iterations when multiple profiles are
unpacked. This also breaks namespace consistency checking since *ns
is always NULL when the comparison is made.
Remove the incorrect assignment.
The caller (aa_unpack) initializes *ns to NULL once before the loop,
which is sufficient.
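The following user-space model is an added example, not the kernel's code: it reproduces the pattern described above, with the per-call reset switchable so both effects (the orphaned namespace strings and the skipped consistency check) can be observed. The names model_verify_header, model_unpack, dup_ns and the return values -1 and -2 are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char *tracked[8];            /* every namespace string allocated */
static int ntracked;

static char *dup_ns(const char *s)
{
    char *p = ntracked < 8 ? malloc(strlen(s) + 1) : NULL;
    return p ? (tracked[ntracked++] = strcpy(p, s)) : NULL;
}

/* Per-profile header check (model). reset_ns = 1 reproduces the bug. */
static int model_verify_header(const char *name, char **ns, int reset_ns)
{
    if (reset_ns)
        *ns = NULL;                 /* bug: drops the only reference */
    if (!name)
        return 0;                   /* this profile names no namespace */
    if (*ns && strcmp(*ns, name) != 0)
        return -1;                  /* namespace changed between profiles */
    if (!*ns && !(*ns = dup_ns(name)))
        return -2;                  /* allocation failed */
    return 0;
}

/* Caller (model): ns = NULL once; *leaked = strings it can no longer free. */
static int model_unpack(const char **names, int n, int reset_ns, int *leaked)
{
    char *ns = NULL;
    int i, err = 0;
    for (i = 0; i < n && !err; i++)
        err = model_verify_header(names[i], &ns, reset_ns);
    *leaked = ntracked - (ns != NULL);
    while (ntracked > 0)            /* model-only cleanup, frees ns too */
        free(tracked[--ntracked]);
    return err;
}

int main(void)
{
    const char *mixed[] = { "ns1", "ns1", "ns2" };  /* constructed input */
    int leaked, err = model_unpack(mixed, 3, 1, &leaked);
    printf("with reset:    err=%d leaked=%d\n", err, leaked);
    err = model_unpack(mixed, 3, 0, &leaked);
    printf("without reset: err=%d leaked=%d\n", err, leaked);
    return 0;
}
```

With the reset in place the mismatched "ns2" profile is accepted and two strings are orphaned; without it the mismatch is rejected and nothing is lost.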
Products Associated with CVE-2026-23403
Affected Versions
Linux:
- From version dd51c84857630e77c139afe4d9bba65fc051dc3f up to, but not including, 663ce34786e759ebcbeb3060685c20bcc886d51a is affected.
- From version dd51c84857630e77c139afe4d9bba65fc051dc3f up to, but not including, 786e2c2a87d9c505f33321d1fd23a176aa8ddeb1 is affected.
- From version dd51c84857630e77c139afe4d9bba65fc051dc3f up to, but not including, 4f0889f2df1ab99224a5e1ac4e20437eea5fe38e is affected.
- From version dd51c84857630e77c139afe4d9bba65fc051dc3f up to, but not including, 42fd831abfc15d0643c14688f0522556b347e7e6 is affected.
- From version dd51c84857630e77c139afe4d9bba65fc051dc3f up to, but not including, e38c55d9f834e5b848bfed0f5c586aaf45acb825 is affected.
- Version 3.12 is affected.
- Versions before 3.12 are unaffected.
- Versions 6.6.130 through 6.6.* are unaffected.
- Versions 6.12.77 through 6.12.* are unaffected.
- Versions 6.18.18 through 6.18.* are unaffected.
- Versions 6.19.8 through 6.19.* are unaffected.
- Version 7.0-rc4 and later is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.