Skip to main content

Linux CVE-2026-23407

| EUVDEUVD-2026-17835 HIGH
Out-of-bounds Read (CWE-125)
2026-04-01 416baaa9-dc9f-4396-8d5f-8c081fb06d67
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative
SUSE
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Red Hat
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 18, 2026 - 09:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 18, 2026 - 09:22 vuln.today
cvss_changed
Patch released
Apr 01, 2026 - 14:30 nvd
Patch available
EUVD ID Assigned
Apr 01, 2026 - 09:22 euvd
EUVD-2026-17835
Analysis Generated
Apr 01, 2026 - 09:22 vuln.today
CVE Published
Apr 01, 2026 - 09:16 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix missing bounds check on DEFAULT table in verify_dfa()

The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded.

When the verification loop traverses the differential encoding chain, it reads k = DEFAULT_TABLE[j] and uses k as an array index without validation. A malformed DFA with DEFAULT_TABLE[j] >= state_count, therefore, causes both out-of-bounds reads and writes.

[ 57.179855] ============== [ 57.180549] BUG: KASAN: slab-out-of-bounds in verify_dfa+0x59a/0x660 [ 57.180904] Read of size 4 at addr ffff888100eadec4 by task su/993

[ 57.181554] CPU: 1 UID: 0 PID: 993 Comm: su Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy) [ 57.181558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.181563] Call Trace: [ 57.181572] <TASK> [ 57.181577] dump_stack_lvl+0x5e/0x80 [ 57.181596] print_report+0xc8/0x270 [ 57.181605] ? verify_dfa+0x59a/0x660 [ 57.181608] kasan_report+0x118/0x150 [ 57.181620] ? verify_dfa+0x59a/0x660 [ 57.181623] verify_dfa+0x59a/0x660 [ 57.181627] aa_dfa_unpack+0x1610/0x1740 [ 57.181629] ? __kmalloc_cache_noprof+0x1d0/0x470 [ 57.181640] unpack_pdb+0x86d/0x46b0 [ 57.181647] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181653] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181656] ? aa_unpack_nameX+0x1a8/0x300 [ 57.181659] aa_unpack+0x20b0/0x4c30 [ 57.181662] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181664] ? stack_depot_save_flags+0x33/0x700 [ 57.181681] ? kasan_save_track+0x4f/0x80 [ 57.181683] ? kasan_save_track+0x3e/0x80 [ 57.181686] ? __kasan_kmalloc+0x93/0xb0 [ 57.181688] ? __kvmalloc_node_noprof+0x44a/0x780 [ 57.181693] ? aa_simple_write_to_buffer+0x54/0x130 [ 57.181697] ? policy_update+0x154/0x330 [ 57.181704] aa_replace_profiles+0x15a/0x1dd0 [ 57.181707] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181710] ? __kvmalloc_node_noprof+0x44a/0x780 [ 57.181712] ? aa_loaddata_alloc+0x77/0x140 [ 57.181715] ? srso_alias_return_thunk+0x5/0xfbef5 [ 57.181717] ? _copy_from_user+0x2a/0x70 [ 57.181730] policy_update+0x17a/0x330 [ 57.181733] profile_replace+0x153/0x1a0 [ 57.181735] ? rw_verify_area+0x93/0x2d0 [ 57.181740] vfs_write+0x235/0xab0 [ 57.181745] ksys_write+0xb0/0x170 [ 57.181748] do_syscall_64+0x8e/0x660 [ 57.181762] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 57.181765] RIP: 0033:0x7f6192792eb2

Remove the MATCH_FLAG_DIFF_ENCODE condition to validate all DEFAULT_TABLE entries unconditionally.

AnalysisAI

Out-of-bounds read and write in Linux kernel AppArmor DFA verification allows local authenticated users to cause memory corruption and potential privilege escalation. Affects Linux kernel 4.17+ through 6.12.x, actively patched in stable branches 6.6.130, 6.12.77, 6.18.18, and 6.19.8. The vulnerability occurs during AppArmor policy loading when malformed DFA structures bypass bounds checking in verify_dfa(). EPSS score of 0.02% suggests low exploitation probability in the wild; no public exploit code or CISA KEV listing identified. Ubuntu rates this medium priority with patches released via USN-8152-1.

Technical ContextAI

AppArmor is Linux's mandatory access control (MAC) framework that uses deterministic finite automata (DFA) to match security policies. The verify_dfa() function validates serialized DFA structures during policy loading. DFAs use state transition tables including a DEFAULT_TABLE that specifies fallback states for transitions. When processing differentially encoded DFA states (a compression technique where state N references state M's transitions as a base), the code reads k = DEFAULT_TABLE[j] and uses k as an array index into state-dependent tables. The vulnerability exists in commit 031dcc8f4e84 (introduced ~2018 in Linux 4.17) where bounds checking only applies to non-differentially-encoded states. An attacker crafting a malicious AppArmor policy with DEFAULT_TABLE[j] >= state_count causes the kernel to read/write beyond allocated DFA verification structures, triggering KASAN slab-out-of-bounds detections. The fix unconditionally validates all DEFAULT_TABLE entries regardless of encoding flags.

RemediationAI

Upgrade to patched Linux kernel versions: 6.6.130+, 6.12.77+, 6.18.18+, 6.19.8+, or 7.0-rc4+. Ubuntu users should apply USN-8152-1 via standard update mechanisms (apt update && apt upgrade). Debian users should follow distribution-specific security advisories. Upstream fixes available in kernel.org stable commits: f39e126e56c6 (mainline), 76b4d36c5122, 5a68e46dfe0c, 7c7cf05e0606, d352873bbefa, 22094c996968, 555829fd91ea, a75e12ca90c9. For systems where immediate patching is infeasible, restrict AppArmor policy loading to root-only by ensuring /sys/kernel/security/apparmor/.load and policy_update interfaces require CAP_MAC_ADMIN; verify no unprivileged processes or containers have write access to AppArmor policy paths (/etc/apparmor.d/, /var/lib/apparmor/). Note this does not eliminate risk if the root account is compromised but prevents unprivileged exploitation. Audit container configurations (Docker, LXC, Kubernetes) for AppArmor policy manipulation permissions - disable custom profile loading in multi-tenant environments until patched. Trade-off: restricting policy loading limits legitimate administrative automation requiring temporary policy adjustments.

Vendor StatusVendor

Ubuntu

Priority: Medium
linux
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
linux-hwe
Release Status Version
xenial needs-triage -
bionic ignored replaced by linux-hwe-5.4
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-hwe-5.4
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-hwe-5.8
Release Status Version
focal ignored superseded by linux-hwe-5.11
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-hwe-5.11
linux-hwe-5.11
Release Status Version
focal ignored superseded by linux-hwe-5.13
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-hwe-5.13
linux-hwe-5.13
Release Status Version
focal ignored superseded by linux-hwe-5.15
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-hwe-5.15
linux-hwe-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-hwe-5.19
Release Status Version
jammy ignored superseded by linux-hwe-6.2
noble DNE -
questing DNE -
upstream ignored superseded by linux-hwe-6.2
linux-hwe-6.2
Release Status Version
jammy ignored superseded by linux-hwe-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-hwe-6.5
linux-hwe-6.5
Release Status Version
jammy ignored superseded by linux-hwe-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-hwe-6.8
linux-hwe-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-hwe-6.11
Release Status Version
jammy DNE -
noble ignored superseded by linux-hwe-6.14
questing DNE -
upstream ignored superseded by linux-hwe-6.14
linux-hwe-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-hwe-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-hwe-edge
Release Status Version
xenial ignored superseded by linux-hwe
bionic ignored superseded by linux-hwe-5.4
jammy DNE -
noble DNE -
questing DNE -
upstream ignored end of life
linux-lts-xenial
Release Status Version
trusty needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-kvm
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-allwinner-5.19
Release Status Version
jammy ignored end of kernel support
noble DNE -
questing DNE -
upstream ignored end of life
linux-aws
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
linux-aws-5.0
Release Status Version
bionic ignored superseded by linux-aws-5.3
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-5.3
linux-aws-5.3
Release Status Version
bionic ignored superseded by linux-aws-5.4
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-5.4
linux-aws-5.4
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-aws-5.8
Release Status Version
focal ignored superseded by linux-aws-5.11
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-5.11
linux-aws-5.11
Release Status Version
focal ignored superseded by linux-aws-5.13
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-5.13
linux-aws-5.13
Release Status Version
focal ignored superseded by linux-aws-5.15
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-5.15
linux-aws-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-aws-5.19
Release Status Version
jammy ignored superseded by linux-aws-6.2
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-6.2
linux-aws-6.2
Release Status Version
jammy ignored superseded by linux-aws-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-6.5
linux-aws-6.5
Release Status Version
jammy ignored superseded by linux-aws-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-aws-6.8
linux-aws-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-aws-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-aws-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-aws-hwe
Release Status Version
xenial needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic ignored superseded by linux-azure-5.3
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
linux-azure-4.15
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-5.3
Release Status Version
bionic ignored superseded by linux-azure-5.4
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-5.4
linux-azure-5.4
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-5.8
Release Status Version
focal ignored superseded by linux-azure-5.11
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-5.11
linux-azure-5.11
Release Status Version
focal ignored superseded by linux-azure-5.13
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-5.13
linux-azure-5.13
Release Status Version
focal ignored superseded by linux-azure-5.15
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-5.15
linux-azure-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-5.19
Release Status Version
jammy ignored superseded by linux-azure-6.2
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-6.2
linux-azure-6.2
Release Status Version
jammy ignored superseded by linux-azure-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-6.5
linux-azure-6.5
Release Status Version
jammy ignored superseded by linux-azure-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-6.8
linux-azure-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-6.11
Release Status Version
jammy DNE -
noble ignored superseded by linux-azure-6.14
questing DNE -
upstream ignored superseded by linux-azure-6.14
linux-azure-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-azure-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-azure-fde
Release Status Version
focal ignored superseded by linux-azure-fde-5.15
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
linux-azure-fde-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-fde-5.19
Release Status Version
jammy ignored superseded by linux-azure-fde-6.2
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-fde-6.2
linux-azure-fde-6.2
Release Status Version
jammy ignored replaced by linux-azure-6.5
noble DNE -
questing DNE -
upstream ignored replaced by linux-azure-6.5
linux-azure-fde-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-fde-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-azure-fde-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-azure-nvidia
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-azure-nvidia-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-bluefield
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-edge
Release Status Version
bionic ignored superseded by linux-azure-5.3
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-azure-5.3
linux-fips
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-aws-fips
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-azure-fips
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-gcp-fips
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-gcp
Release Status Version
xenial needs-triage -
bionic ignored superseded by linux-gcp-5.3
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
linux-gcp-4.15
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-gcp-5.3
Release Status Version
bionic ignored superseded by linux-gcp-5.4
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-gcp-5.4
linux-gcp-5.4
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-gcp-5.8
Release Status Version
focal ignored superseded by linux-gcp-5.11
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-gcp-5.11
linux-gcp-5.11
Release Status Version
focal ignored superseded by linux-gcp-5.13
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-gcp-5.13
linux-gcp-5.13
Release Status Version
focal ignored superseded by linux-gcp-5.15
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-gcp-5.15
linux-gcp-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-gcp-5.19
Release Status Version
jammy ignored superseded by linux-gcp-6.2
noble DNE -
questing DNE -
upstream ignored superseded by linux-gcp-6.2
linux-gcp-6.2
Release Status Version
jammy ignored superseded by linux-gcp-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-gcp-6.5
linux-gcp-6.5
Release Status Version
jammy ignored superseded by linux-gcp-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-gcp-6.8
linux-gcp-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-gcp-6.11
Release Status Version
jammy DNE -
noble ignored superseded by linux-gcp-6.14
questing DNE -
upstream ignored superseded by linux-gcp-6.14
linux-gcp-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-gcp-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-gke
Release Status Version
focal ignored end of kernel support
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-gke-4.15
Release Status Version
bionic ignored superseded by linux-gke-5.0
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-gke-5.0
linux-gke-5.4
Release Status Version
bionic ignored end of kernel support
jammy DNE -
noble DNE -
questing DNE -
upstream ignored end of life
linux-gke-5.15
Release Status Version
focal ignored end of kernel support
jammy DNE -
noble DNE -
questing DNE -
upstream ignored end of life
linux-gkeop
Release Status Version
focal ignored end of kernel support
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-gkeop-5.4
Release Status Version
bionic ignored end of kernel support
jammy DNE -
noble DNE -
questing DNE -
upstream ignored end of life
linux-gkeop-5.15
Release Status Version
focal ignored end of kernel support
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-ibm
Release Status Version
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-ibm-5.4
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-ibm-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-ibm-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-intel-5.13
Release Status Version
focal ignored end of kernel support
jammy DNE -
noble DNE -
questing DNE -
upstream ignored end of life
linux-intel-iotg
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-intel-iotg-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-iot
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-intel-iot-realtime
Release Status Version
jammy ignored superseded by Ubuntu Pro ppa version
noble DNE -
questing DNE -
upstream needs-triage -
linux-lowlatency
Release Status Version
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-lowlatency-hwe-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-lowlatency-hwe-5.19
Release Status Version
jammy ignored superseded by linux-lowlatency-hwe-6.2
noble DNE -
questing DNE -
upstream ignored superseded by linux-lowlatency-hwe-6.2
linux-lowlatency-hwe-6.2
Release Status Version
jammy ignored superseded by linux-lowlatency-hwe-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-lowlatency-hwe-6.5
linux-lowlatency-hwe-6.5
Release Status Version
jammy ignored superseded by linux-lowlatency-hwe-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-lowlatency-hwe-6.8
linux-lowlatency-hwe-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-lowlatency-hwe-6.11
Release Status Version
jammy DNE -
noble ignored replaced by linux-hwe-6.14
questing DNE -
upstream ignored replaced by linux-hwe-6.14
linux-nvidia
Release Status Version
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-nvidia-6.2
Release Status Version
jammy ignored superseded by linux-nvidia-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-nvidia-6.5
linux-nvidia-6.5
Release Status Version
jammy ignored superseded by linux-nvidia-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-nvidia-6.8
linux-nvidia-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-nvidia-6.11
Release Status Version
jammy DNE -
noble ignored end of kernel support
questing DNE -
upstream ignored end of kernel support
linux-nvidia-lowlatency
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-nvidia-tegra
Release Status Version
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-nvidia-tegra-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-nvidia-tegra-igx
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-oracle
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
linux-oracle-5.0
Release Status Version
bionic ignored superseded by linux-oracle-5.3
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oracle-5.3
linux-oracle-5.3
Release Status Version
bionic ignored superseded by linux-oracle-5.4
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oracle-5.4
linux-oracle-5.4
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-oracle-5.8
Release Status Version
focal ignored superseded by linux-oracle-5.11
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oracle-5.11
linux-oracle-5.11
Release Status Version
focal ignored superseded by linux-oracle-5.13
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oracle-5.13
linux-oracle-5.13
Release Status Version
focal ignored superseded by linux-oracle-5.15
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oracle-5.15
linux-oracle-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-oracle-6.5
Release Status Version
jammy ignored superseded by linux-oracle-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-oracle-6.8
linux-oracle-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-oracle-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-oracle-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-oem
Release Status Version
bionic ignored replaced by linux-hwe-5.4
jammy DNE -
noble DNE -
questing DNE -
upstream ignored end of life
linux-oem-5.6
Release Status Version
focal ignored superseded by linux-oem-5.10
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oem-5.10
linux-oem-5.10
Release Status Version
focal ignored superseded by linux-oem-5.13
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oem-5.13
linux-oem-5.13
Release Status Version
focal ignored superseded by linux-oem-5.14
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-oem-5.14
linux-oem-5.14
Release Status Version
focal ignored replaced by linux-hwe-5.15
jammy DNE -
noble DNE -
questing DNE -
upstream ignored replaced by linux-hwe-5.15
linux-oem-5.17
Release Status Version
jammy ignored superseded by linux-oem-6.1
noble DNE -
questing DNE -
upstream ignored superseded by linux-oem-6.1
linux-oem-6.0
Release Status Version
jammy ignored superseded by linux-oem-6.1
noble DNE -
questing DNE -
upstream ignored superseded by linux-oem-6.1
linux-oem-6.1
Release Status Version
jammy ignored superseded by linux-oem-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-oem-6.5
linux-oem-6.5
Release Status Version
jammy ignored superseded by linux-oem-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-oem-6.8
linux-oem-6.8
Release Status Version
jammy DNE -
noble ignored superseded by linux-oem-6.14
questing DNE -
upstream ignored superseded by linux-oem-6.14
linux-oem-6.11
Release Status Version
jammy DNE -
noble ignored superseded by linux-oem-6.14
questing DNE -
upstream ignored superseded by linux-oem-6.14
linux-oem-6.14
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-oem-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-raspi
Release Status Version
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
linux-raspi2
Release Status Version
focal ignored replaced by linux-raspi
jammy DNE -
noble DNE -
questing DNE -
upstream ignored replaced by linux-raspi
linux-raspi-5.4
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-raspi-realtime
Release Status Version
jammy DNE -
noble ignored superseded by Ubuntu Pro ppa version
questing DNE -
upstream needs-triage -
linux-realtime
Release Status Version
jammy ignored superseded by Ubuntu Pro ppa version
noble ignored superseded by Ubuntu Pro ppa version
questing needs-triage -
upstream needs-triage -
linux-realtime-6.8
Release Status Version
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-realtime-6.14
Release Status Version
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-riscv
Release Status Version
focal ignored superseded by linux-riscv-5.8
jammy ignored end of kernel support
noble ignored replaced by linux-riscv-6.14
questing needs-triage -
upstream needs-triage -
linux-riscv-5.8
Release Status Version
focal ignored superseded by linux-riscv-5.11
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-riscv-5.11
linux-riscv-5.11
Release Status Version
focal ignored superseded by linux-riscv-5.13
jammy DNE -
noble DNE -
questing DNE -
upstream ignored superseded by linux-riscv-5.13
linux-riscv-5.15
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
linux-riscv-5.19
Release Status Version
jammy ignored end of kernel support
noble DNE -
questing DNE -
upstream ignored end of life
linux-riscv-6.5
Release Status Version
jammy ignored superseded by linux-riscv-6.8
noble DNE -
questing DNE -
upstream ignored superseded by linux-riscv-6.8
linux-riscv-6.8
Release Status Version
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-riscv-6.14
Release Status Version
jammy DNE -
noble ignored superseded by linux-riscv-6.17
questing DNE -
upstream ignored superseded by linux-riscv-6.17
linux-riscv-6.17
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-starfive-5.19
Release Status Version
jammy ignored end of kernel support
noble DNE -
questing DNE -
upstream ignored end of life
linux-starfive-6.2
Release Status Version
jammy ignored superseded by linux-starfive-6.5
noble DNE -
questing DNE -
upstream ignored superseded by linux-starfive-6.5
linux-starfive-6.5
Release Status Version
jammy ignored end of kernel support
noble DNE -
questing DNE -
upstream ignored end of life
linux-xilinx
Release Status Version
jammy DNE -
noble needs-triage -
questing DNE -
upstream needs-triage -
linux-xilinx-zynqmp
Release Status Version
focal needs-triage -
jammy needs-triage -
noble DNE -
questing DNE -
upstream needs-triage -
linux-realtime-6.17
Release Status Version
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -

Debian

linux
Release Status Fixed Version Urgency
bullseye fixed 5.10.251-1 -
bullseye (security) fixed 5.10.251-1 -
bookworm fixed 6.1.164-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.74-2 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.8-1 -
sid fixed 6.19.10-1 -
(unstable) fixed 6.19.6-2 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed

Share

CVE-2026-23407 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy