CVE-2026-23404
Received Received - Intake
Stack Exhaustion in Linux AppArmor Due to Recursive Profile Removal

Publication date: 2026-04-01

Last updated on: 2026-04-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23404
EUVD
EUVD-2026-17832
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
linux linux_kernel 2.6.36
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.169 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.18 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.8 (exc)
linux linux_kernel From 2.6.36.1 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's AppArmor security module. The issue arises from the way AppArmor removes nested security profiles using a recursive method. When many nested profiles are removed recursively, it can exhaust the kernel stack, leading to system crashes.

The vulnerability was addressed by replacing the recursive profile removal function with an iterative approach. This new method removes profiles repeatedly in a loop until all nested profiles are removed, preventing stack exhaustion while maintaining the same removal behavior.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to stack exhaustion when removing deeply nested AppArmor profiles. Such crashes can lead to system instability, downtime, and potential loss of availability for services running on the affected system.

Detection Guidance

This vulnerability relates to the AppArmor profile removal process in the Linux kernel, which uses recursion and can lead to kernel stack exhaustion and system crashes.

A reproducer command sequence is provided to trigger the issue by creating nested profiles and then attempting to remove them:

  • $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" | apparmor_parser -K -a; pf="$pf//x"; done
  • $ echo -n a > /sys/kernel/security/apparmor/.remove

Running these commands can help detect if the system is vulnerable by causing the kernel stack exhaustion and potential crash.

Mitigation Strategies

The vulnerability has been resolved by replacing the recursive profile removal approach with an iterative one in the Linux kernel.

Immediate mitigation steps include updating the Linux kernel to a version that contains this fix, which replaces the recursive __aa_profile_list_release() function with an iterative __remove_profile() function.

Until the update is applied, avoid creating deeply nested AppArmor profiles that could trigger the recursive removal and cause kernel stack exhaustion.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23404. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart