A vulnerability labeled as critical has been found in the Linux kernel up to 6.6.129/6.12.76/6.18.17/6.19.7/7.0-rc3. It affects the function match_char of the apparmor component. Manipulation can lead to an out-of-bounds read. The vulnerability is tracked as CVE-2026-23406. The attack can only be carried out within the local network. The affected component should be upgraded.
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 074c1cd798cb0b481d7eaa749b64aa416563c053, 4.17, 6.6.129, 6.12.76, 6.18.17, 6.19.7, 7.0-rc3 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| linux | linux | mitre_affected | 90% |
Updated description with critical severity, new affected versions, and corrected patch availability.
Updated exploit availability to true, marked as actively exploited, and changed severity to HIGH.
Updated description with more technical detail, added severity as HIGH, and included new affected versions and CWE-125.
Initial creation