Memory Management Flaw in Linux Kernel Affects Kernel Security
CVE-2026-23408

7.8 HIGH

Key Information:

Vendor: Linux

CVE Published: 1 April 2026

What is CVE-2026-23408?

A memory management issue has been identified in the Linux kernel's AppArmor subsystem, where improper handling of the 'ns_name' variable can lead to a double free. 'ns_name' is assigned initially, but subsequent operations cause it to be freed twice because of incorrect reference management. The flaw arises from a failure to nullify the pointer after transferring ownership, potentially allowing unexpected behavior and stability risks. The vulnerability has been addressed in recent kernel updates to improve overall security.
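The ownership-transfer pattern described above, as an added illustration that is not the kernel's AppArmor code: `struct owner`, `release` and `load` are hypothetical names, and `release` only counts calls (standing in for `kfree`) so the demo never performs a real double free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical object that takes ownership of a name buffer. */
struct owner { char *name; };

static int release_calls;   /* release attempts on the one buffer */

/* Stand-in for kfree(): a NULL argument is a no-op, anything else counts. */
static void release(char *p)
{
    if (p)
        release_calls++;
}

/* Returns how many times the buffer would be freed: 1 is correct,
 * 2 is the double free. Returns -1 if allocation fails. */
static int load(int null_after_transfer)
{
    struct owner o = { 0 };
    char *heap = malloc(8);
    char *ns_name = heap;

    if (!heap)
        return -1;
    strcpy(ns_name, "ns1");      /* constructed sample value */
    release_calls = 0;

    o.name = ns_name;            /* ownership moves to the owner object */
    if (null_after_transfer)
        ns_name = NULL;          /* fix: the local no longer refers to it */

    release(o.name);             /* owner teardown frees its name */
    release(ns_name);            /* function-exit cleanup of the local */

    free(heap);                  /* the single real free for the demo */
    return release_calls;
}

int main(void)
{
    printf("pointer kept after transfer: %d frees\n", load(0));
    printf("pointer nulled after transfer: %d frees\n", load(1));
    return 0;
}
```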

Affected Version(s)

Linux 145a0ef21c8e944957f58e2c8ffcd8a10f46266a < 55ef2af7490aaf72f8ffe11ec44c6bcb7eb2162a

Linux 145a0ef21c8e944957f58e2c8ffcd8a10f46266a < 86feeccd6b93ed94bd6655f30de80f163f8d5a45

Linux 145a0ef21c8e944957f58e2c8ffcd8a10f46266a < 7998ab3010d2317643f91828f1853d954ef31387

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved