Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-23269EXPLOITED

Linux · Linux kernel

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next() function call in unpack_pdb() will access dfa->tables[YYTD_ID_BASE][start], and if the start state exceeds the number of states in the DFA, this results in an out-of-bound read. ================================================================== BUG: KASAN: slab-out-of-bounds in aa_dfa_next+0x2a1/0x360 Read of size 4 at addr ffff88811956fb90 by task su/1097 ... Reject policies with out-of-bounds start states during unpacking to prevent the issue.

Affected Products

Vendor	Product	Versions
Linux	Linux kernel	—

References

Related News (8 articles)

Tier C

oss-security6h ago

Re: Multiple vulnerabilities in AppArmor

→ No new info (linked only)

Tier C

oss-security2d ago

Re: Multiple vulnerabilities in AppArmor

→ No new info (linked only)

Tier C

oss-security2d ago

Re: Multiple vulnerabilities in AppArmor

→ No new info (linked only)

Tier C

oss-security3d ago

Re: Re: Multiple vulnerabilities in AppArmor

→ No new info (linked only)

Tier C

oss-security3d ago

Re: Multiple vulnerabilities in AppArmor

→ No new info (linked only)

Tier B

BSI Advisories4d ago

[UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR4d ago

Multiples vulnérabilités dans le noyau Linux de SUSE (27 mars 2026)

→ No new info (linked only)

Tier A

Microsoft MSRC11d ago

CVE-2026-23269 apparmor: validate DFA start states are in bounds in unpack_pdb

→ No new info (linked only)

CVSS 3.17.5 HIGH

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-20

PublishedMar 18, 2026

Last enriched5h agov3

Trending Score66

Source articles8

Independent4

Info Completeness8/14

Missing: versions, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-23400EXP

rust_binder: call set_notification_done() without proc lock

CRITICALCVE-2026-23399EXP

nf_tables: nft_dynset: fix possible stateful expression memleak in error path

MEDIUMCVE-2026-22977

In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, [

NONECVE-2026-31788EXP

xen/privcmd: restrict usage in unprivileged domU

HIGHCVE-2025-71238

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fa

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 18, 2026

Actively Exploited

Mar 25, 2026

Exploit Available

Mar 25, 2026

Discovered by ZDM

Mar 26, 2026

Updated: vendor, product, severity, cvssEstimate, exploitAvailable, activelyExploited

Mar 26, 2026

Updated: cweIds

Mar 31, 2026

Version History

v3

Last enriched 5h ago

v3Tier C5h ago

Added CWE-20 related to improper input validation.

cweIds

via oss-security

v2Tier A4d ago

Added vendor and product information, updated severity to HIGH, and set CVSS estimate to 7.5 with exploit availability confirmed.

vendorproductseveritycvssEstimateexploitAvailableactivelyExploited

via Microsoft MSRC

v14d ago

Initial creation