Skip to main content

Linux Kernel CVE-2026-45893

| EUVDEUVD-2026-32359 HIGH
Out-of-bounds Read (CWE-125)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-44ww-rw32-794r
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
7.1 HIGH

Local-only kernel bug reachable by loading a policy (PR:L given AppArmor load capability), no UI; out-of-bounds read leaks kernel memory (C:H) and can crash the host (A:H), no integrity impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 23:33 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
7.1 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
HIGH 7.1
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

apparmor: Fix & Optimize table creation from possibly unaligned memory

Source blob may come from userspace and might be unaligned. Try to optize the copying process by avoiding unaligned memory accesses.

  • Added Fixes tag
  • Added "Fix &" to description as this doesn't just optimize but fixes

a potential unaligned memory access [jj: remove duplicate word "convert" in comment trigger checkpatch warning]

AnalysisAI

Out-of-bounds read in the Linux kernel's AppArmor subsystem allows a local, low-privileged attacker to leak adjacent kernel memory and potentially crash the system when AppArmor parses a policy table built from possibly unaligned, userspace-supplied source data. The flaw stems from unaligned memory accesses during table creation in the policy loader and carries high confidentiality and availability impact. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.02%, 5th percentile), consistent with a hard-to-reach local-only kernel hardening fix rather than a mass-exploitation target.

Technical ContextAI

The vulnerability lives in the Linux kernel AppArmor LSM (Linux Security Module), specifically in the routine that constructs internal lookup tables from a serialized policy blob during profile loading. AppArmor policies are compiled into a binary form and loaded into the kernel via the apparmorfs interface; the kernel copies and interprets this blob to build runtime data structures (such as DFA/match tables). Because the source blob originates from userspace and may not be word-aligned, the original copy/parse logic performed unaligned memory accesses, which on some architectures and with malformed length/offset fields can read past the intended bounds. The root cause is classified as CWE-125 (Out-of-bounds Read); the fix both corrects the potential unaligned/out-of-bounds access and optimizes the copy path to avoid unaligned reads. The affected component is the kernel itself (CPE cpe:2.3:o:linux:linux_kernel), not a userland package.

RemediationAI

Vendor-released patch: upgrade to a fixed stable kernel - 6.12.75 or later on 6.12.y, 6.18.14 or later on 6.18.y, 6.19.4 or later on 6.19.y, or 7.0, or apply your distribution's kernel update that backports stable commits 226c3b10aab2, 47e351dfef60, 6fc367bfd4c8, or e027999049c4 (see https://git.kernel.org/stable/c/226c3b10aab23f73b03c47e7773107de56ba3a4e and the related commits). Because the bug is reached only through AppArmor policy loading, an effective compensating control where patching must be delayed is to restrict who can load policies: ensure CAP_MAC_ADMIN is not granted to untrusted users or containers, and disable unprivileged user namespaces if your distribution allows AppArmor profile manipulation through them (sysctl kernel.unprivileged_userns_clone=0 or user.max_user_namespaces=0) - note this can break rootless containers and sandboxed applications that rely on user namespaces. If AppArmor is not required for the workload, it can be left disabled, but that removes a security control and is generally not advisable for production hosts. Validate the running kernel after reboot (uname -r) since kernel fixes require a reboot or live-patch to take effect.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-45893 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy