CVE-2026-23411Expired Pointer Dereference in Linux

CWE-825Expired Pointer Dereference13 documents8 sources
Severity
7.8HIGHNVD
OSV7.2
EPSS
0.0%
top 97.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 1
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that point and it is possible that some of the fs call back functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. Whi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Debianlinux/linux_kernel< 5.10.251-1+3
CVEListV5linux/linuxc961ee5f21b202dea60b63eeef945730d92e46a6ae10787d955fb255d381e0d5589451dd72c614b1+5
debiandebian/linux< linux 6.1.164-1 (bookworm)

🔴Vulnerability Details

4
OSV
linux-oem-6.17 vulnerabilities2026-04-06
GHSA
GHSA-4g4x-f3f9-gpq4: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting2026-04-01
CVEList
apparmor: fix race between freeing data and fs accessing it2026-04-01
OSV
CVE-2026-23411: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting t2026-04-01

📋Vendor Advisories

7
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Intel IoTG Real-time) vulnerabilities2026-04-09
Ubuntu
Linux kernel (OEM) vulnerabilities2026-04-06

🕵️Threat Intelligence

1
Wiz
CVE-2026-23411 Impact, Exploitability, and Mitigation Steps | Wiz