—

CVE-2026-23411PATCHED

Linux · Linux

apparmor: fix race between freeing data and fs accessing it

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that point and it is possible that some of the fs call back functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. While the rawdata/loaddata is the most likely candidate to fail the race, as it has the fewest references. If properly crafted it might be possible to trigger a race for the other types stored in i_private. Fix this by moving the put of i_private referenced data to the correct place which is during inode eviction.

Affected Products

Vendor	Product	Versions
Linux	Linux	c961ee5f21b202dea60b63eeef945730d92e46a6, c961ee5f21b202dea60b63eeef945730d92e46a6, c961ee5f21b202dea60b63eeef945730d92e46a6, c961ee5f21b202dea60b63eeef945730d92e46a6, c961ee5f21b202dea60b63eeef945730d92e46a6, 4.13, 6.6.129, 6.12.76, 6.18.17, 6.19.7, 7.0-rc3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
linux	linux	mitre_affected	90%

References

Related News (2 articles)

Tier C

VulDB7h ago

CVE-2026-23411 | Linux Kernel up to 6.6.129/6.12.76/6.18.17/6.19.7/7.0-rc3 apparmor i_private privilege escalation

→ No new info (linked only)

Tier C

Linux Kernel CVEs8h ago

CVE-2026-23411: apparmor: fix race between freeing data and fs accessing it

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

ae10787d955fb255d381e0d5589451dd72c614b1eecce026399917f6efa532c56bc7a3e9dd6ee68b13bc2772414d68e94e273dea013181a986948ddf2a732ed26fbd048e7925d227af8cf9ea43fb5cc98e135b8aee5a06c52a4347a5a6d51223c6f36ba306.6.1306.12.776.18.186.19.87.0-rc4

PublishedApr 1, 2026

Last enriched6h agov3

Trending Score40

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-23406EXP

apparmor: fix side-effect bug in match_char() macro usage

Trending: 63

HIGHCVE-2026-23269EXP

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into

Trending: 60

CRITICALCVE-2026-23409EXP

apparmor: fix differential encoding verification

Trending: 59

CRITICALCVE-2026-23400EXP

rust_binder: call set_notification_done() without proc lock

Trending: 58

CRITICALCVE-2026-23399EXP

nf_tables: nft_dynset: fix possible stateful expression memleak in error path

Trending: 43

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: affectedVersions

Apr 1, 2026

Patch Available

Apr 1, 2026

Updated: affectedVersions, severity

Apr 1, 2026

Version History

Last enriched 6h ago

v3Tier C6h ago

Updated affected versions, severity to CRITICAL, and noted no exploit available.

affectedVersionsseverity

via VulDB

v2Tier C8h ago

Updated description with more technical detail, added affected versions, changed severity to HIGH, and marked exploit as available and actively exploited.

affectedVersions

via Linux Kernel CVEs

v18h ago

Initial creation