AppArmor: Mitigate kernel stack exhaustion via iterative removal
CVE-2026-23404 Published on April 1, 2026
apparmor: replace recursive profile removal with iterative approach
In the Linux kernel, the following vulnerability has been resolved:
The profile removal code uses recursion when removing nested profiles,
which can lead to kernel stack exhaustion and system crashes.
Reproducer:
  $ pf='a'; for ((i=0; i<1024; i++)); do
      echo -e "profile $pf { \n }" | apparmor_parser -K -a;
      pf="$pf//x";
    done
  $ echo -n a > /sys/kernel/security/apparmor/.remove
Replace the recursive __aa_profile_list_release() approach with an
iterative approach in __remove_profile(). The function repeatedly
finds and removes leaf profiles until the entire subtree is removed,
maintaining the same removal semantic without recursion.
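The leaf-first strategy described above, as an added user-space example (not the kernel patch or any AppArmor code): it frees an arbitrarily deep tree with constant stack use. `struct node`, `node_new()`, `build_chain()` and `remove_subtree()` are hypothetical names, and the chain is constructed input that mimics the a//x//x//... nesting from the reproducer.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a nested profile; not the kernel's struct aa_profile. */
struct node {
    struct node *parent;
    struct node *child;   /* first child */
    struct node *sibling; /* next child of the same parent */
};

/* Allocate a node and push it onto the front of parent's child list. */
static struct node *node_new(struct node *parent)
{
    struct node *n = calloc(1, sizeof(*n));
    if (!n)
        abort();
    n->parent = parent;
    if (parent) {
        n->sibling = parent->child;
        parent->child = n;
    }
    return n;
}

/* Constructed input: a chain like a//x//x//..., `depth` levels deep. */
static struct node *build_chain(size_t depth)
{
    struct node *root = node_new(NULL), *cur = root;
    for (size_t i = 1; i < depth; i++)
        cur = node_new(cur);
    return root;
}

/* Free a detached subtree leaf-first without recursion; returns nodes freed. */
static size_t remove_subtree(struct node *root)
{
    size_t freed = 0;
    for (struct node *cur = root, *up = NULL; cur; cur = up) {
        while (cur->child)               /* walk down to a leaf */
            cur = cur->child;
        up = (cur == root) ? NULL : cur->parent;
        if (up)
            up->child = cur->sibling;    /* the leaf is always up's first child */
        free(cur);
        freed++;
    }
    return freed;
}

int main(void) { return remove_subtree(build_chain(1000000)) == 1000000 ? 0 : 1; }
```

Stack depth stays fixed regardless of nesting, because the only state carried between removals is the `cur` and `up` pointers; a recursive version would need one stack frame per nesting level.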
Products Associated with CVE-2026-23404
Linux Kernel, Canonical Ubuntu Linux
Affected Versions
Linux:
- Version c88d4c7b049e87998ac0a9f455aa545cc895ef92 and below 33959a491e9fd557abfa5fce5ae4637d400915d3 is affected.
- Version c88d4c7b049e87998ac0a9f455aa545cc895ef92 and below 999bd704b0b641527a5ed46f0d969deff8cfa68b is affected.
- Version c88d4c7b049e87998ac0a9f455aa545cc895ef92 and below 7eade846e013cbe8d2dc4a484463aa19e6515c7f is affected.
- Version c88d4c7b049e87998ac0a9f455aa545cc895ef92 and below a6a941a1294ac5abe22053dc501d25aed96e48fe is affected.
- Version c88d4c7b049e87998ac0a9f455aa545cc895ef92 and below ab09264660f9de5d05d1ef4e225aa447c63a8747 is affected.
- Version 2.6.36 is affected.
- Before 2.6.36 is unaffected.
- Version 6.6.130, <= 6.6.* is unaffected.
- Version 6.12.77, <= 6.12.* is unaffected.
- Version 6.18.18, <= 6.18.* is unaffected.
- Version 6.19.8, <= 6.19.* is unaffected.
- Version 7.0-rc4, <= * is unaffected.