Use-After-Free Vulnerability in Linux Kernel Affecting AppArmor
CVE-2026-23410

7.8 HIGH

Key Information:

Vendor: Linux

CVE Published: 1 April 2026

What is CVE-2026-23410?

A use-after-free vulnerability exists in the Linux kernel's AppArmor, caused by a race condition involving rawdata inodes. If an attacker opens a rawdata file while the last reference to that rawdata is being removed (for example, by removing the corresponding profile), the rawdata is freed while the open is still in progress, and freed memory is accessed when seq_rawdata_open() executes. The race is possible because the rawdata inodes are not refcounted, a choice made to avoid circular references. The resulting unsafe memory access has serious implications for system integrity and security. The issue has been addressed by implementing a double refcounting scheme for rawdata, enabling safe memory management.
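The double refcounting idea from the description, as an added user-space C model (not the kernel patch and not code from this page): one counter tracks references from the owning profile side, a second tracks everything that keeps the memory alive, inodes included. All names (`blob`, `owners`, `users`, `owner_put`) are hypothetical, and the exact split of counts in the kernel fix is an assumption.

```c
#include <stdbool.h>
#include <stdlib.h>

/* User-space model only; every name here is hypothetical, not a kernel identifier. */
struct blob {
    int owners;   /* references held by the owning object (the profile side) */
    int users;    /* references that keep the memory alive, inodes included */
    bool listed;  /* filesystem entry still present */
    bool *freed;  /* set when the memory is released, so a caller can observe it */
};

struct blob *blob_new(bool *freed)
{
    struct blob *b = malloc(sizeof(*b));
    if (!b)
        return NULL;
    /* The owner side as a whole pins one "users" reference. */
    *b = (struct blob){ .owners = 1, .users = 1, .listed = true, .freed = freed };
    *freed = false;
    return b;
}

/* An inode, or a file opened through it, takes its own lifetime reference. */
void blob_get(struct blob *b) { b->users++; }

/* Drop a lifetime reference; the last one frees the memory. */
void blob_put(struct blob *b)
{
    if (--b->users == 0) {
        *b->freed = true;
        free(b);
    }
}

/* Last owner gone: unlist the entry (breaking the cycle), then drop the pin. */
void owner_put(struct blob *b)
{
    if (--b->owners == 0) {
        b->listed = false;
        blob_put(b);
    }
}
```

Because the inode holds its own `users` reference, removing the owner while an open is in flight only unlists the entry; the memory is released when the last inode or file reference is dropped.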

Affected Version(s)

Linux 5d5182cae40115c03933989473288e54afb39c7c < 6ef1f2926c41ab96952d9696d55a052f1b3a9418

Linux 5d5182cae40115c03933989473288e54afb39c7c



CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
