CVE-2026-23409: Incomplete Internal State Distinction in Linux

Severity: 7.2 HIGH (OSV), no vector
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 1
Latest update: Apr 19

Description

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix differential encoding verification

Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates.

Unfortunately the differential encode verification had two bugs.

1. it conflated states that had gone through check and already been marked, with states that were currently being checked and marked. This means that loops in the current

Affected Packages (3 packages)

Debian linux/linux_kernel < 5.10.251-1 (+3)
CVEListV5 linux/linux 031dcc8f4e84fea37dc6f78fdc7288aa7f8386c3 f90e3ecd9e1ed69f1a370f866ceed1f104f3ab4a (+5)
debian debian/linux < linux 6.1.164-1 (bookworm)

🔴 Vulnerability Details (4)

VulDB
Linux Kernel up to 7.0-rc3 apparmor encoding error (EUVD-2026-17839 / WID-SEC-2026-0950) 2026-04-19
OSV
linux-oem-6.17 vulnerabilities 2026-04-06
OSV
CVE-2026-23409: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loop 2026-04-01
GHSA
GHSA-53jf-v56h-xgqg: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows lo 2026-04-01

📋 Vendor Advisories (7)

Ubuntu
Linux kernel (Azure) vulnerabilities 2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities 2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities 2026-04-09
Ubuntu
Linux kernel (Intel IoTG Real-time) vulnerabilities 2026-04-09
Ubuntu
Linux kernel (OEM) vulnerabilities 2026-04-06

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-23409 Impact, Exploitability, and Mitigation Steps | Wiz