49 matches found
SUSE CVE-2026-46254
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...
CVE-2026-46254
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...
CVE-2026-46254 AppArmor: Allow apparmor to handle unaligned dfa tables
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...
EUVD-2026-34116
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...
CVE-2026-46254
CVE-2026-46254 affects the Linux kernel in AppArmor, where unaligned dfa tables may trigger unaligned memory accesses on certain architectures. The issue can originate from either kernel or userspace DFA tables, leading to kernel warnings and an unaligned access in aa_dfa_unpack. A workaround is ...
EUVD-2026-32988
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data...
Canonical Ubuntu Linux security vulnerability
Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from an incorrect calculation of the internal buffer size, which may lead to out-of-bound...
SUSE CVE-2026-23406
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with *str++, the string pointer advances on eac...
SUSE CVE-2026-23407
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...
CVE-2026-23407
A flaw was found in AppArmor, a security module within the Linux kernel. A local user could exploit this vulnerability by providing a specially crafted Deterministic Finite Automaton (DFA), a set of rules for pattern matching, to the verify_dfa() function. This malformed input causes the system to...
CVE-2026-23407
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...
UBUNTU-CVE-2026-23407
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...
CVE-2026-23407
The CVE-2026-23407 issue affects the Linux kernel AppArmor DFA verification. The root cause is a missing bounds check on DEFAULT_TABLE in verify_dfa(), which can read k = DEFAULT_TABLE[j] as an index without validation when traversing the differential encoding chain, allowing out-of-bounds reads/...
CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...
CVE-2026-23406
CVE-2026-23406 concerns the AppArmor Linux kernel module. The issue arises in the DFA matching logic used during file path checks, where the macro match_char() can evaluate its character parameter multiple times when traversing differential encoding chains. If invoked with *str++, the string poin...
PT-2026-29490
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc7-next-20260127 Description The Linux kernel contains a flaw within the AppArmor subsystem, specifically in the verify_dfa function. This function lacks a bounds check on the DEFAULT table when handling...
PT-2026-29489
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc7-next-20260127 Description The Linux kernel contains a flaw within the apparmor subsystem, specifically in the match_char macro. This macro incorrectly evaluates its character parameter multiple times...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. The vulnerability stems from a lack of boundary checking of the DEFAULT table in the verify_dfa function, which can b...
Linux Distros Unpatched Vulnerability : CVE-2026-23269
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The...
UBUNTU-CVE-2026-23269
In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next function call in unpack_pdb will access dfa->tables[YYTD_ID_BASE][star...