[<prev] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2026040107-marshland-preflight-83a4@gregkh>
Date: Wed, 1 Apr 2026 10:36:13 +0200
From: Greg KH <greg@...ah.com>
To: Qualys Security Advisory <qsa@...lys.com>
Cc: "cve@...nel.org" <cve@...nel.org>,
"oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Multiple vulnerabilities in AppArmor
On Thu, Mar 26, 2026 at 06:36:17PM +0000, Qualys Security Advisory wrote:
> Hi Linux kernel CVE assignment team, all,
>
> We saw that last week you assigned two CVEs to two of the nine AppArmor
> vulnerabilities that were fixed and released on March 12, thank you very
> much for these:
>
> ------------------------------------------------------------------------
> https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23268-6be3@gregkh/T/#u
> > - "[PATCH 08/11] apparmor: fix unprivileged local user can do privileged
> > policy management" (the confused-deputy problem detailed in this
> > advisory);
> ------------------------------------------------------------------------
> https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23269-2bf7@gregkh/T/#u
> > - "[PATCH 01/11] apparmor: validate DFA start states are in bounds in
> > unpack_pdb" (an out-of-bounds read);
> ------------------------------------------------------------------------
>
> Since two weeks have passed now (since the fixes were released), would
> it be possible to please assign CVEs to the remaining seven AppArmor
> vulnerabilities:
>
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/e38c55d9f834e5b848bfed0f5c586aaf45acb825
> > - "[PATCH 02/11] apparmor: fix memory leak in verify_header" (a memory
> > leak);
Now assigned to CVE-2026-23403
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/ab09264660f9de5d05d1ef4e225aa447c63a8747
CVE-2026-23404
> https://git.kernel.org/stable/c/306039414932c80f8420695a24d4fe10c84ccfb2
CVE-2026-23405
> > - "[PATCH 03/11] apparmor: replace recursive profile removal with
> > iterative approach" and "[PATCH 04/11] apparmor: fix: limit the number
> > of levels of policy namespaces" (the uncontrolled recursion detailed
> > in this advisory);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/8756b68edae37ff546c02091989a4ceab3f20abd
CVE-2026-23406
> > - "[PATCH 05/11] apparmor: fix side-effect bug in match_char() macro
> > usage" (the out-of-bounds read detailed in this advisory);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/d352873bbefa7eb39995239d0b44ccdf8aaa79a4
CVE-2026-23407
> > - "[PATCH 06/11] apparmor: fix missing bounds check on DEFAULT table in
> > verify_dfa()" (an out-of-bounds read and write);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/5df0c44e8f5f619d3beb871207aded7c78414502
CVE-2026-23408
> > - "[PATCH 07/11] apparmor: Fix double free of ns_name in
> > aa_replace_profiles()" (the double-free detailed in this advisory);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/39440b137546a3aa383cfdabc605fb73811b6093
CVE-2026-23409
> > - "[PATCH 09/11] apparmor: fix differential encoding verification" (an
> > infinite loop);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/a0b7091c4de45a7325c8780e6934a894f92ac86b
CVE-2026-23410
> https://git.kernel.org/stable/c/8e135b8aee5a06c52a4347a5a6d51223c6f36ba3
CVE-2026-23411
Hope that helps people's accounting systems :)
thanks,
greg k-h
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
