CVE-2026-23403: Release of Invalid Pointer or Reference in Linux

Severity: 7.2 HIGH (OSV), no vector
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1, latest update Apr 20

Description

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix memory leak in verify_header

The function sets `*ns = NULL` on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checking since `*ns` is always NULL when the comparison is made.

Remove the incorrect assignment. The caller (aa_unpack) initializes `*ns` to NULL once before the loop, which is sufficient.

Affected Packages (3 packages)

Debian: linux/linux_kernel < 5.10.251-1 (+3)
CVEListV5: linux/linux dd51c84857630e77c139afe4d9bba65fc051dc3f 663ce34786e759ebcbeb3060685c20bcc886d51a (+5)
debian: debian/linux < linux 6.1.164-1 (bookworm)

Vulnerability Details (4)

VulDB (2026-04-20): Linux Kernel up to 7.0-rc3 apparmor verify_header memory leak (EUVD-2026-17831 / WID-SEC-2026-0950)
OSV (2026-04-06): linux-oem-6.17 vulnerabilities
OSV (2026-04-01): CVE-2026-23403: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every
GHSA (2026-04-01): GHSA-rr4h-g2x9-f96p: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on eve

Vendor Advisories (7)

Ubuntu (2026-04-13): Linux kernel (Azure) vulnerabilities
Ubuntu (2026-04-09): Linux kernel (Azure FIPS) vulnerabilities
Ubuntu (2026-04-09): Linux kernel (Azure FIPS) vulnerabilities
Ubuntu (2026-04-09): Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu (2026-04-06): Linux kernel (OEM) vulnerabilities

Threat Intelligence (1)

Wiz: CVE-2026-23403 Impact, Exploitability, and Mitigation Steps | Wiz