CVE-2026-23405
Description
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix: limit the number of levels of policy namespaces
Currently the number of policy namespaces is not bounded, relying on the user namespace limit. However, policy namespaces aren't strictly tied to user namespaces and it is possible to create them and nest them arbitrarily deep, which can be used to exhaust system resources.
Hard cap policy namespaces to the same depth as user namespaces.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel AppArmor lacked a nesting-depth limit on policy namespaces, allowing a local user able to create such namespaces to exhaust kernel resources by nesting them arbitrarily deep.
Vulnerability
In the Linux kernel's AppArmor security module, the nesting depth of policy namespaces was not bounded. User namespaces are capped at a fixed nesting depth, and that cap was the only thing indirectly constraining policy namespaces; but policy namespaces are not strictly tied to user namespaces, so the user-namespace limit did not carry over and policy namespaces could be created and nested arbitrarily deep. Each level allocates kernel state, so an attacker who can create policy namespaces can use the missing check to exhaust system resources.
Exploitation
A local user with the ability to create AppArmor policy namespaces (a policy-administration operation, typically requiring CAP_MAC_ADMIN or an equivalent privilege) can exploit this by repeatedly creating a namespace nested inside the previous one. No network access or authentication beyond local system access is required, and the attack does not depend on any other vulnerability; it is a direct resource exhaustion vector. It is not, however, reachable by an arbitrary unprivileged process: the caller must already be allowed to create policy namespaces.
Impact
Every nesting level consumes kernel memory for its namespace state, so unbounded nesting can exhaust kernel memory, and possibly CPU, leading to a denial of service (DoS) in which the system becomes unresponsive or crashes. The description indicates no impact beyond availability.
Mitigation
The fix hard-caps the nesting depth of AppArmor policy namespaces at the same depth already enforced for user namespaces, so a creation request beyond the cap fails instead of allocating another level. The fix has been backported to stable kernel branches [1][2][3][4]; apply the latest kernel update from your distribution to remediate the issue. Until the update is applied, exposure is limited to principals that can already create AppArmor policy namespaces (see Exploitation).
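To make the fix concrete, the following is an added illustrative model in plain C of the nesting-depth check, written for this page and not taken from the kernel or from the referenced commits. It places the vulnerable creator (depth recorded but never checked) beside a capped one that refuses a child past the limit. The names policy_ns, ns_create_unbounded, ns_create_capped, nest_to_depth and NS_MAX_LEVEL are hypothetical, and the cap of 32 is an assumption borrowed from the user-namespace nesting limit in kernel/user_namespace.c rather than the constant the actual fix uses.

```c
/*
 * Illustrative model of the nesting-depth cap (added example; not the
 * kernel's code). Names such as policy_ns, ns_create_capped and
 * NS_MAX_LEVEL are hypothetical. The cap value 32 is an assumption
 * borrowed from the user-namespace limit in kernel/user_namespace.c;
 * the exact constant the fix uses is in the referenced commits.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define NS_MAX_LEVEL 32u

struct policy_ns {
    char name[32];
    unsigned int level;        /* 0 for the root namespace */
    struct policy_ns *parent;
};

/* Vulnerable pattern: depth is recorded but never checked, so a caller
 * that may create namespaces can chain them as deep as memory allows. */
struct policy_ns *ns_create_unbounded(struct policy_ns *parent, const char *name)
{
    struct policy_ns *ns = calloc(1, sizeof(*ns));

    if (!ns)
        return NULL;
    snprintf(ns->name, sizeof(ns->name), "%s", name);
    ns->parent = parent;
    ns->level = parent ? parent->level + 1 : 0;
    return ns;
}

/* Hardened pattern: refuse a child that would exceed the cap before
 * allocating anything. -EUSERS mirrors what user-namespace creation
 * returns when its own nesting limit is hit. */
int ns_create_capped(struct policy_ns *parent, const char *name,
                     struct policy_ns **out)
{
    *out = NULL;
    if (parent && parent->level >= NS_MAX_LEVEL)
        return -EUSERS;
    *out = ns_create_unbounded(parent, name);
    return *out ? 0 : -ENOMEM;
}

/* Release a chain from its leaf up to the root. */
static void ns_free_chain(struct policy_ns *leaf)
{
    while (leaf) {
        struct policy_ns *parent = leaf->parent;

        free(leaf);
        leaf = parent;
    }
}

/* Nest `want` levels below a fresh root, using the capped creator when
 * `capped` is non-zero. Returns the deepest level actually reached. */
unsigned int nest_to_depth(unsigned int want, int capped)
{
    struct policy_ns *cur = ns_create_unbounded(NULL, "root");
    unsigned int reached;

    if (!cur)
        return 0;
    for (unsigned int i = 0; i < want; i++) {
        struct policy_ns *child;
        char name[32];

        snprintf(name, sizeof(name), "ns%u", i + 1);
        if (capped) {
            if (ns_create_capped(cur, name, &child) != 0)
                break;              /* cap hit: stop, nothing allocated */
        } else {
            child = ns_create_unbounded(cur, name);
            if (!child)
                break;              /* only memory exhaustion stops us */
        }
        cur = child;
    }
    reached = cur->level;
    ns_free_chain(cur);
    return reached;
}

int main(void)
{
    printf("unbounded: asked for 10000 levels, got %u\n", nest_to_depth(10000, 0));
    printf("capped:    asked for 10000 levels, got %u\n", nest_to_depth(10000, 1));
    return 0;
}
```

Compile with cc -std=c99 and run: the unbounded creator reaches whatever depth is requested, while the capped creator stops at NS_MAX_LEVEL and returns -EUSERS for every further request, which is the property the patch adds. The check runs before any allocation, so a rejected request costs the kernel nothing.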
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=2.6.36.1, <5.10.253)
- cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- (no CPE)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] git.kernel.org/stable/c/306039414932c80f8420695a24d4fe10c84ccfb2 (NVD tag: Patch)
- [2] git.kernel.org/stable/c/3f8699b3ee0c04b4b9bc27b82cd89a40e81e1d2e (NVD tag: Patch)
- [3] git.kernel.org/stable/c/6b396cc2f0365e684fc1d3547d18ef79fcee225d (NVD tag: Patch)
- [4] git.kernel.org/stable/c/7b6495ead2c611647f6b11441a852324e3eb8616 (NVD tag: Patch)
- [5] git.kernel.org/stable/c/853ce31ca72097d23991a06876a2ccb5cb64b603 (NVD tag: Patch)
- [6] git.kernel.org/stable/c/87d0cecc900e55d55fc4dbfb43ac93e269c7a5b3 (NVD tag: Patch)
- [7] git.kernel.org/stable/c/b1226e37eb3754d389721c135db6107db94c7a72 (NVD tag: Patch)
- [8] git.kernel.org/stable/c/d42b2b6bb77ca40ee34ab74ad79305840b5f315d (NVD tag: Patch)
News mentions
No linked articles in our index yet.