{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T02:09:46.248","vulnerabilities":[{"cve":{"id":"CVE-2026-23406","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-01T09:16:16.327","lastModified":"2026-04-24T18:40:51.317","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix side-effect bug in match_char() macro usage\n\nThe match_char() macro evaluates its character parameter multiple\ntimes when traversing differential encoding chains. When invoked\nwith *str++, the string pointer advances on each iteration of the\ninner do-while loop, causing the DFA to check different characters\nat each iteration and therefore skip input characters.\nThis results in out-of-bounds reads when the pointer advances past\nthe input buffer boundary.\n\n[   94.984676] ==================================================================\n[   94.985301] BUG: KASAN: slab-out-of-bounds in aa_dfa_match+0x5ae/0x760\n[   94.985655] Read of size 1 at addr ffff888100342000 by task file/976\n\n[   94.986319] CPU: 7 UID: 1000 PID: 976 Comm: file Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)\n[   94.986322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   94.986329] Call Trace:\n[   94.986341]  <TASK>\n[   94.986347]  dump_stack_lvl+0x5e/0x80\n[   94.986374]  print_report+0xc8/0x270\n[   94.986384]  ? aa_dfa_match+0x5ae/0x760\n[   94.986388]  kasan_report+0x118/0x150\n[   94.986401]  ? aa_dfa_match+0x5ae/0x760\n[   94.986405]  aa_dfa_match+0x5ae/0x760\n[   94.986408]  __aa_path_perm+0x131/0x400\n[   94.986418]  aa_path_perm+0x219/0x2f0\n[   94.986424]  apparmor_file_open+0x345/0x570\n[   94.986431]  security_file_open+0x5c/0x140\n[   94.986442]  do_dentry_open+0x2f6/0x1120\n[   94.986450]  vfs_open+0x38/0x2b0\n[   94.986453]  ? may_open+0x1e2/0x2b0\n[   94.986466]  path_openat+0x231b/0x2b30\n[   94.986469]  ? __x64_sys_openat+0xf8/0x130\n[   94.986477]  do_file_open+0x19d/0x360\n[   94.986487]  do_sys_openat2+0x98/0x100\n[   94.986491]  __x64_sys_openat+0xf8/0x130\n[   94.986499]  do_syscall_64+0x8e/0x660\n[   94.986515]  ? count_memcg_events+0x15f/0x3c0\n[   94.986526]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986540]  ? handle_mm_fault+0x1639/0x1ef0\n[   94.986551]  ? vma_start_read+0xf0/0x320\n[   94.986558]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986561]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986563]  ? fpregs_assert_state_consistent+0x50/0xe0\n[   94.986572]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986574]  ? arch_exit_to_user_mode_prepare+0x9/0xb0\n[   94.986587]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986588]  ? irqentry_exit+0x3c/0x590\n[   94.986595]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   94.986597] RIP: 0033:0x7fda4a79c3ea\n\nFix by extracting the character value before invoking match_char,\nensuring single evaluation per outer loop."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17.1","versionEndExcluding":"5.10.253","matchCriteriaId":"E395B1A0-3F3F-4299-9E96-FE513DCFE882"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.169","matchCriteriaId":"DBEC0E5D-641C-4E98-A6D9-5799B10CE451"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.18","matchCriteriaId":"346AD1FB-0CE8-4D9D-8E56-5EB1A4D06199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.8","matchCriteriaId":"C65A7D85-C7C6-485E-AC35-66A374C73FAC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.17:-:*:*:*:*:*:*","matchCriteriaId":"3F438846-FE97-43DC-A655-B5EF8DED552E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0510d1ba0976f97f521feb2b75b0572ea5df3ceb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1fc94f16098213d01e56c97feed9b3ecf0147a37","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/383b7270faf42564f133134c2fc3c24bbae52615","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a184f7cbdeaad17e16dedf3c17d0cd622edfed8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8756b68edae37ff546c02091989a4ceab3f20abd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b73c1dff8a9d7eeaebabf8097a5b2de192f40913","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c7dc56d8b37eda1396feeec3ab1c7ecee5eae31b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f16f2e5936c0f5f0d11fdf10d2be3e47e7108e42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}