CVE-2026-23406Access of Memory Location After End of Buffer in Linux

CWE-788Access of Memory Location After End of Buffer13 documents8 sources
Severity
7.8HIGHNVD
OSV7.2
EPSS
0.0%
top 97.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedApr 1
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with *str++, the string pointer advances on each iteration of the inner do-while loop, causing the DFA to check different characters at each iteration and therefore skip input characters. This results in out-of-bounds reads when the pointer

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianlinux/linux_kernel< 5.10.251-1+3
CVEListV5linux/linux074c1cd798cb0b481d7eaa749b64aa416563c0535a184f7cbdeaad17e16dedf3c17d0cd622edfed8+5

🔴Vulnerability Details

4
OSV
linux-oem-6.17 vulnerabilities2026-04-06
CVEList
apparmor: fix side-effect bug in match_char() macro usage2026-04-01
GHSA
GHSA-56hx-r887-5w6h: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro2026-04-01
OSV
CVE-2026-23406: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro e2026-04-01

📋Vendor Advisories

7
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Intel IoTG Real-time) vulnerabilities2026-04-09
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06

🕵️Threat Intelligence

1
Wiz
CVE-2026-23406 Impact, Exploitability, and Mitigation Steps | Wiz