CVE-2026-23405
apparmor: fix: limit the number of levels of policy namespaces
Description
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying on the user namespace limit. However policy namespaces aren't strictly tied to user namespaces and it is possible to create them and nest them arbitrarily deep which can be used to exhaust system resource. Hard cap policy namespaces to the same depth as user namespaces.
INFO
Published Date :
April 1, 2026, 9:16 a.m.
Last Modified :
April 1, 2026, 2:23 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the Linux kernel patch.
- Update the kernel to a fixed version.
- Reboot the system after applying the patch.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-23405.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-23405 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-23405
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-23405 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-23405 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 01, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying on the user namespace limit. However policy namespaces aren't strictly tied to user namespaces and it is possible to create them and nest them arbitrarily deep which can be used to exhaust system resource. Hard cap policy namespaces to the same depth as user namespaces. Added Reference https://git.kernel.org/stable/c/306039414932c80f8420695a24d4fe10c84ccfb2 Added Reference https://git.kernel.org/stable/c/3f8699b3ee0c04b4b9bc27b82cd89a40e81e1d2e Added Reference https://git.kernel.org/stable/c/7b6495ead2c611647f6b11441a852324e3eb8616 Added Reference https://git.kernel.org/stable/c/853ce31ca72097d23991a06876a2ccb5cb64b603 Added Reference https://git.kernel.org/stable/c/d42b2b6bb77ca40ee34ab74ad79305840b5f315d