CVE-2026-23404: Allocation of Resources Without Limits or Throttling in Linux

Severity: 7.2 HIGH (OSV), no vector
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 1
Latest update: Apr 19

Description

In the Linux kernel, the following vulnerability has been resolved:

apparmor: replace recursive profile removal with iterative approach

The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes.

Reproducer: $ pf='a'; for ((i=0; i /sys/kernel/security/apparmor/.remove

Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes lea

Affected Packages: 3 packages

Debian: linux/linux_kernel < 5.10.251-1 (+3)
CVEListV5: linux/linux c88d4c7b049e87998ac0a9f455aa545cc895ef92 33959a491e9fd557abfa5fce5ae4637d400915d3 (+5)
debian: debian/linux < linux 6.1.164-1 (bookworm)

🔴 Vulnerability Details (4)

VulDB (2026-04-19): Linux Kernel up to 7.0-rc3 apparmor __aa_profile_list_release recursion (EUVD-2026-17832 / WID-SEC-2026-0950)
OSV (2026-04-06): linux-oem-6.17 vulnerabilities
GHSA (2026-04-01): GHSA-x9jq-3w57-m487: In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile
OSV (2026-04-01): CVE-2026-23404: In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile re

📋 Vendor Advisories (7)

Ubuntu (2026-04-13): Linux kernel (Azure) vulnerabilities
Ubuntu (2026-04-09): Linux kernel (Azure FIPS) vulnerabilities
Ubuntu (2026-04-09): Linux kernel (Azure FIPS) vulnerabilities
Ubuntu (2026-04-09): Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu (2026-04-06): Linux kernel (OEM) vulnerabilities

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23404 Impact, Exploitability, and Mitigation Steps | Wiz