Linux Kernel AppArmor Double Free in aa_replace_profiles()
CVE-2026-23408 Published on April 1, 2026
In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix double free of ns_name in aa_replace_profiles()
if ns_name is NULL after
1071 error = aa_unpack(udata, &lh, &ns_name);
and if ent->ns_name contains an ns_name in
1089 } else if (ent->ns_name) {
then ns_name is assigned the ent->ns_name
1095 ns_name = ent->ns_name;
however ent->ns_name is freed at
1262 aa_load_ent_free(ent);
and then again when freeing ns_name at
1270 kfree(ns_name);
Fix this by NULLing out ent->ns_name after it is transferred to ns_name
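The ownership hand-off described above, as an added userspace model (not the kernel's code and not part of the original advisory). `struct load_ent`, `model_kfree()`, `model_load_ent_free()` and `replace_profiles_model()` are hypothetical stand-ins; the tracker counts a repeated free instead of performing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct load_ent { char *ns_name; };   /* simplified stand-in for the load entry */

static void *freed[8];                /* pointers already handed to model_kfree() */
static int nfreed, double_frees;

/* Stand-in for kfree(): NULL is a no-op; a repeated pointer is counted, not freed. */
static void model_kfree(void *p)
{
    if (!p) return;
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p) { double_frees++; return; }
    freed[nfreed++] = p;              /* real release is deferred to model_reset() */
}

static void model_reset(void)
{
    while (nfreed > 0) free(freed[--nfreed]);
    double_frees = 0;
}

/* Stand-in for aa_load_ent_free(): releases whatever the entry still owns. */
static void model_load_ent_free(struct load_ent *ent)
{
    model_kfree(ent->ns_name);
    free(ent);
}

/* Path from the advisory: unpack left ns_name NULL, the entry carries a name.
 * Returns the number of double frees observed (-1 on allocation failure). */
static int replace_profiles_model(int apply_fix)
{
    char *ns_name = NULL;             /* NULL after the unpack step */
    struct load_ent *ent = calloc(1, sizeof(*ent));
    model_reset();
    if (!ent) return -1;
    ent->ns_name = malloc(4);
    if (ent->ns_name) strcpy(ent->ns_name, "ns1");   /* constructed value */
    if (!ns_name && ent->ns_name) {
        ns_name = ent->ns_name;       /* ownership moves to ns_name */
        if (apply_fix) ent->ns_name = NULL;   /* the fix: entry drops its pointer */
    }
    model_load_ent_free(ent);         /* frees ent->ns_name if it is still set */
    model_kfree(ns_name);             /* frees the transferred pointer */
    return double_frees;
}

int main(void)
{
    printf("without fix: %d double free(s)\n", replace_profiles_model(0));
    printf("with fix:    %d double free(s)\n", replace_profiles_model(1));
    model_reset();
    return 0;
}
```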
Affected Versions
Linux:
- Version 145a0ef21c8e944957f58e2c8ffcd8a10f46266a and below 55ef2af7490aaf72f8ffe11ec44c6bcb7eb2162a is affected.
- Version 145a0ef21c8e944957f58e2c8ffcd8a10f46266a and below 86feeccd6b93ed94bd6655f30de80f163f8d5a45 is affected.
- Version 145a0ef21c8e944957f58e2c8ffcd8a10f46266a and below 7998ab3010d2317643f91828f1853d954ef31387 is affected.
- Version 145a0ef21c8e944957f58e2c8ffcd8a10f46266a and below 18b5233e860c294a847ee07869d93c0b8673a54b is affected.
- Version 145a0ef21c8e944957f58e2c8ffcd8a10f46266a and below 5df0c44e8f5f619d3beb871207aded7c78414502 is affected.
- Version 5.5 is affected.
- Versions before 5.5 are unaffected.
- Versions from 6.6.130 through 6.6.* are unaffected.
- Versions from 6.12.77 through 6.12.* are unaffected.
- Versions from 6.18.18 through 6.18.* are unaffected.
- Versions from 6.19.8 through 6.19.* are unaffected.
- Versions from 7.0-rc4 onward (<= *) are unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.