PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23268 Linux CVE debrief

A confused-deputy vulnerability in the Linux kernel's AppArmor security module allows an unprivileged local user to perform privileged policy management operations. The apparmorfs interfaces for loading, replacing, and removing security profiles were accessible with permissions that permitted file descriptor passing attacks. An unprivileged attacker could open these interfaces and pass the resulting file descriptor to a privileged process, manipulating that process into performing policy writes on their behalf. Successful exploitation enables complete AppArmor policy management, including removing confinement from processes, causing denial of service by denying all execution, bypassing unprivileged user namespace restrictions, and potentially exploiting kernel bugs for local privilege escalation. The fix ensures that the task writing to the interface holds privileges that are a subset of the task that originally opened the interface, closing the delegation bypass for unconfined processes.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-18
Original CVE updated
2026-05-29
Advisory published
2026-03-18
Advisory updated
2026-05-29

Who should care

Linux system administrators, kernel maintainers, security teams operating containerized or multi-tenant environments relying on AppArmor for mandatory access control, and organizations with compliance requirements for process confinement.

Technical summary

The vulnerability exists in the apparmorfs policy management interfaces, which are exposed with permissions that allow non-root processes to load policy into other namespaces. The 0666 permission model cannot simply be tightened to 0600 because legitimate use cases require non-root namespace policy loading. The attack vector involves an unprivileged local user opening the apparmorfs interface to obtain a file descriptor, then using a confused-deputy attack to pass that descriptor to a privileged process and induce it to write through that descriptor. The fix implements a privilege subset check at write time: the writing task's privileges must be a subset of the opening task's privileges. This check already existed for confined processes via policy enforcement, but unconfined processes could previously delegate access through file descriptor passing, bypassing the policy check. The patch closes this gap by enforcing the subset check for all tasks, including unconfined ones.

Defensive priority

high

Recommended defensive actions

  • Apply the relevant stable kernel patch for your kernel series: 5.10.253+, 5.15.203+, 6.1.169+, 6.6.130+, 6.12.77+, 6.18.18+, 6.19.8+, or 7.0-rc4+
  • Upgrade to a patched kernel version as listed in the CPE version ranges
  • If immediate patching is not possible, restrict access to processes that may be manipulated into writing to file descriptors on behalf of unprivileged users
  • Monitor for anomalous AppArmor policy changes in environments running affected kernel versions
  • Review and audit processes running with elevated privileges that accept file descriptors from untrusted sources
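The monitoring action above can be put into practice by watching AppArmor's own audit records: every load, replace or remove of a profile produces an apparmor="STATUS" record naming the task that performed the write. The script below is an added example written for this debrief, not code from PatchSiren or the Linux kernel project. It parses such records, keeps the policy-changing ones, and flags those where the writing task (comm) is not an expected policy tool; the apparmor_parser allowlist, the pid/comm values and the sample records are all constructed for illustration, and it assumes the STATUS record reflects the task that issued the write, which in the confused-deputy case described above is the privileged deputy rather than the unprivileged user.

```python
import re

# AppArmor audit "STATUS" operations that change the loaded policy.
POLICY_OPS = {"profile_load", "profile_replace", "profile_remove"}

# Assumption: on this host, legitimate policy changes are performed by
# apparmor_parser. Extend the allowlist for your environment.
EXPECTED_COMM = {"apparmor_parser"}

# key=value pairs; values are either "quoted" or bare tokens.
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_line(line):
    """Split one audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in _KV_RE.findall(line)}


def policy_events(lines):
    """Return the parsed records that load, replace or remove a profile."""
    events = []
    for line in lines:
        fields = parse_audit_line(line)
        if fields.get("apparmor") == "STATUS" and fields.get("operation") in POLICY_OPS:
            events.append(fields)
    return events


def suspicious_policy_events(lines, expected_comm=EXPECTED_COMM):
    """Policy changes whose writing task is not an expected policy tool.

    Assumption: the pid/comm on the STATUS record belong to the task that
    performed the write, so a privileged deputy manipulated into writing
    shows up under its own name here, not under the unprivileged user's.
    """
    return [e for e in policy_events(lines) if e.get("comm") not in expected_comm]


# Constructed sample audit records (not captured from a real system).
SAMPLE_AUDIT = [
    'type=AVC msg=audit(1700000000.101:201): apparmor="STATUS" operation="profile_load" '
    'profile="unconfined" name="usr.sbin.cupsd" pid=812 comm="apparmor_parser"',
    'type=AVC msg=audit(1700000000.102:202): apparmor="STATUS" operation="profile_remove" '
    'profile="unconfined" name="docker-default" pid=4711 comm="helper"',
    'type=AVC msg=audit(1700000000.103:203): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/cupsd" name="/etc/shadow" pid=813 comm="cupsd" '
    'requested_mask="r" denied_mask="r"',
]

if __name__ == "__main__":
    for ev in suspicious_policy_events(SAMPLE_AUDIT):
        print(f"ALERT pid={ev['pid']} comm={ev['comm']} {ev['operation']} name={ev['name']}")
```

On the sample records this flags only the profile_remove issued by comm="helper"; the cupsd DENIED record is an enforcement event, not a policy change, and is ignored. Feed the functions lines from the audit log (or a journald export of kernel audit messages) rather than the constructed list, and treat any hit as a prompt to check which process wrote policy and on whose behalf.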

Evidence notes

CVE published 2026-03-18; modified 2026-05-29. Multiple stable kernel patches released. Affected versions span Linux kernel 4.11 through 6.19.8, plus 7.0-rc1 through rc3. Third-party advisory from Qualys published 2026-03-10. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
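To turn the patched-version list from the recommended actions and the affected range from the evidence notes into a repeatable check, the following added example (written for this debrief, not PatchSiren's or the kernel project's code) classifies a `uname -r` string against those numbers. It assumes the fix is present in each listed stable release and every later release of the same series, that 7.0-rc4 and all later mainline releases are fixed, and that series not named in the advisory (4.19, 5.4 and others) cannot be judged from this page alone; the "unknown" result and the distro-suffix handling are this example's own choices.

```python
import platform
import re

# Stable releases named in the advisory as carrying the fix. Assumption: the
# fix is present in that release and every later release of the same series.
PATCHED_MIN = {
    (5, 10): (5, 10, 253),
    (5, 15): (5, 15, 203),
    (6, 1): (6, 1, 169),
    (6, 6): (6, 6, 130),
    (6, 12): (6, 12, 77),
    (6, 18): (6, 18, 18),
    (6, 19): (6, 19, 8),
}
FIRST_AFFECTED = (4, 11, 0)   # evidence notes: affected from 4.11 onward
MAINLINE_FIXED_RC = 4         # 7.0-rc4 and later are fixed

# Leading "major.minor[.patch][-rcN]" of a release string; distribution
# suffixes such as "-generic" or "-arch1-1" are ignored.
_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_kernel_release(release):
    """Return (major, minor, patch, rc) from a `uname -r` style string."""
    m = _VER_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), (int(rc) if rc else None)


def assess(release):
    """Classify a release as not-affected, vulnerable, patched or unknown."""
    major, minor, patch, rc = parse_kernel_release(release)
    if (major, minor, patch) < FIRST_AFFECTED:
        return "not-affected"
    if major >= 7:
        # Only 7.0-rc1 through rc3 are affected; rc4, 7.0 final and later are fixed.
        if (major, minor) > (7, 0) or rc is None or rc >= MAINLINE_FIXED_RC:
            return "patched"
        return "vulnerable"
    fixed = PATCHED_MIN.get((major, minor))
    if fixed is None:
        # Series not named in the advisory: no patched version is known from this page.
        return "unknown"
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {assess(running)}")
```

One caveat a practitioner should keep in mind: distribution kernels often backport fixes while keeping a lower upstream version number, so "vulnerable" from this check means "confirm against your distribution's advisory", not a confirmed exposure, whereas "patched" by upstream number is reliable only if the kernel really is that upstream release.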

Official resources

2026-03-18