CVE-2026-23411
Received Received - Intake
Race Condition in Linux Kernel AppArmor Causes Use-After-Free

Publication date: 2026-04-01

Last updated on: 2026-04-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that point and it is possible that some of the fs call back functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. While the rawdata/loaddata is the most likely candidate to fail the race, as it has the fewest references. If properly crafted it might be possible to trigger a race for the other types stored in i_private. Fix this by moving the put of i_private referenced data to the correct place which is during inode eviction.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-24
Generated
2026-05-07
AI Q&A
2026-04-01
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23411
EUVD
EUVD-2026-17843
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
linux linux_kernel 4.13
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.169 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.18 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.8 (exc)
linux linux_kernel From 4.13.1 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed by correcting the timing of freeing i_private referenced data during inode eviction in the Linux kernel's AppArmor module.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.


Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's AppArmor component. It involves a race condition between freeing data and accessing it through the filesystem. Specifically, AppArmor was placing a reference to i_private data after removing the original entry from the filesystem, but the inode can still exist beyond that point. This means some filesystem callback functions might be called after the reference is set, causing a race between freeing the data and accessing it.

The most likely data to fail this race is rawdata/loaddata, which has the fewest references, but if carefully crafted, the race could be triggered for other types stored in i_private. The fix involved moving the release of i_private referenced data to the correct time during inode eviction.


How can this vulnerability impact me? :

This vulnerability can lead to a race condition where data is accessed after it has been freed, potentially causing system instability or crashes. If exploited, it might allow an attacker to cause unexpected behavior in the filesystem operations, which could lead to denial of service or other unpredictable effects on the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart