Re: Multiple vulnerabilities in AppArmor

[Greg KH <greg () kroah com>]

On Thu, Mar 26, 2026 at 06:36:17PM +0000, Qualys Security Advisory wrote:
> Hi Linux kernel CVE assignment team, all,
>
> We saw that last week you assigned two CVEs to two of the nine AppArmor
> vulnerabilities that were fixed and released on March 12, thank you very
> much for these:
>
> ------------------------------------------------------------------------
> https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23268-6be3@gregkh/T/#u
> > - "[PATCH 08/11] apparmor: fix unprivileged local user can do privileged
> >   policy management" (the confused-deputy problem detailed in this
> >   advisory);
> ------------------------------------------------------------------------
> https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23269-2bf7@gregkh/T/#u
> > - "[PATCH 01/11] apparmor: validate DFA start states are in bounds in
> >   unpack_pdb" (an out-of-bounds read);
> ------------------------------------------------------------------------
>
> Since two weeks have passed now (since the fixes were released), would
> it be possible to please assign CVEs to the remaining seven AppArmor
> vulnerabilities:
>
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/e38c55d9f834e5b848bfed0f5c586aaf45acb825
> > - "[PATCH 02/11] apparmor: fix memory leak in verify_header" (a memory
> >   leak);

Now assigned to CVE-2026-23403

> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/ab09264660f9de5d05d1ef4e225aa447c63a8747

CVE-2026-23404

> https://git.kernel.org/stable/c/306039414932c80f8420695a24d4fe10c84ccfb2

CVE-2026-23405

> > - "[PATCH 03/11] apparmor: replace recursive profile removal with
> >   iterative approach" and "[PATCH 04/11] apparmor: fix: limit the number
> >   of levels of policy namespaces" (the uncontrolled recursion detailed
> >   in this advisory);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/8756b68edae37ff546c02091989a4ceab3f20abd

CVE-2026-23406

> > - "[PATCH 05/11] apparmor: fix side-effect bug in match_char() macro
> >   usage" (the out-of-bounds read detailed in this advisory);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/d352873bbefa7eb39995239d0b44ccdf8aaa79a4

CVE-2026-23407

> > - "[PATCH 06/11] apparmor: fix missing bounds check on DEFAULT table in
> >   verify_dfa()" (an out-of-bounds read and write);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/5df0c44e8f5f619d3beb871207aded7c78414502

CVE-2026-23408

> > - "[PATCH 07/11] apparmor: Fix double free of ns_name in
> >   aa_replace_profiles()" (the double-free detailed in this advisory);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/39440b137546a3aa383cfdabc605fb73811b6093

CVE-2026-23409

> > - "[PATCH 09/11] apparmor: fix differential encoding verification" (an
> >   infinite loop);
> ------------------------------------------------------------------------
> https://git.kernel.org/stable/c/a0b7091c4de45a7325c8780e6934a894f92ac86b

CVE-2026-23410

> https://git.kernel.org/stable/c/8e135b8aee5a06c52a4347a5a6d51223c6f36ba3

CVE-2026-23411

Hope that helps people's accounting systems :)

thanks,

greg k-h