apparmor: replace recursive profile removal with iterative approach

Summary

CVE	CVE-2026-23404
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-04-01 09:16:15 UTC
Updated	2026-04-18 09:16:24 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i<1024; i++)); do echo -e "profile $pf { \n }" \| apparmor_parser -K -a; pf="$pf//x"; done $ echo -n a > /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion.

Risk And Classification

EPSS: 0.000320000 probability, percentile 0.092520000 (date 2026-04-21)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 ea854f032190cc9f26dc4a0e727090c89e55e342 git	Not specified
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 4fdc847b107321dec22bf8ecd6019b7af76d7886 git	Not specified
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 b36a04284d0208be94e5e401409caa00e2bf1be1 git	Not specified
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 33959a491e9fd557abfa5fce5ae4637d400915d3 git	Not specified
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 999bd704b0b641527a5ed46f0d969deff8cfa68b git	Not specified
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 7eade846e013cbe8d2dc4a484463aa19e6515c7f git	Not specified
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 a6a941a1294ac5abe22053dc501d25aed96e48fe git	Not specified
CNA	Linux	Linux	affected c88d4c7b049e87998ac0a9f455aa545cc895ef92 ab09264660f9de5d05d1ef4e225aa447c63a8747 git	Not specified
CNA	Linux	Linux	affected 2.6.36	Not specified
CNA	Linux	Linux	unaffected 2.6.36 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.169 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.130 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.77 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.18 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.8 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/a6a941a1294ac5abe22053dc501d25aed96e48fe	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/7eade846e013cbe8d2dc4a484463aa19e6515c7f	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/4fdc847b107321dec22bf8ecd6019b7af76d7886	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/ab09264660f9de5d05d1ef4e225aa447c63a8747	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/ea854f032190cc9f26dc4a0e727090c89e55e342	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/33959a491e9fd557abfa5fce5ae4637d400915d3	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/999bd704b0b641527a5ed46f0d969deff8cfa68b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/b36a04284d0208be94e5e401409caa00e2bf1be1	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.