Main Vulnerability Database Vulnerabilities #VU124181

#VU124181 Improper Access Control in Linux kernel - CVE-2026-23268

Published: March 20, 2026

Vulnerability identifier: #VU124181

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-23268

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.

The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.

The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.

Remediation

Install security update from vendor's repository.

#VU124181 Improper Access Control in Linux kernel - CVE-2026-23268

Description

Remediation

External links

Please verify you're human