Skip to main content

Linux Kernel CVE-2026-46254

| EUVDEUVD-2026-34116 MEDIUM
2026-06-03 Linux GHSA-7rpr-5c67-jf73
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 20:25 vuln.today
CVSS changed
Jun 09, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

AppArmor: Allow apparmor to handle unaligned dfa tables

The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures. Resulting in the following

[   73.901376] WARNING: CPU: 0 PID: 341 at security/apparmor/match.c:316 aa_dfa_unpack+0x6cc/0x720 [   74.015867] Modules linked in: binfmt_misc evdev flash sg drm drm_panel_orientation_quirks backlight i2c_core configfs nfnetlink autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid sr_mod hid cdrom sd_mod ata_generic ohci_pci ehci_pci ehci_hcd ohci_hcd pata_ali libata sym53c8xx scsi_transport_spi tg3 scsi_mod usbcore libphy scsi_common mdio_bus usb_common [   74.428977] CPU: 0 UID: 0 PID: 341 Comm: apparmor_parser Not tainted 6.18.0-rc6+ #9 NONE [   74.536543] Call Trace: [   74.568561] [<0000000000434c24>] dump_stack+0x8/0x18 [   74.633757] [<0000000000476438>] __warn+0xd8/0x100 [   74.696664] [<00000000004296d4>] warn_slowpath_fmt+0x34/0x74 [   74.771006] [<00000000008db28c>] aa_dfa_unpack+0x6cc/0x720 [   74.843062] [<00000000008e643c>] unpack_pdb+0xbc/0x7e0 [   74.910545] [<00000000008e7740>] unpack_profile+0xbe0/0x1300 [   74.984888] [<00000000008e82e0>] aa_unpack+0xe0/0x6a0 [   75.051226] [<00000000008e3ec4>] aa_replace_profiles+0x64/0x1160 [   75.130144] [<00000000008d4d90>] policy_update+0xf0/0x280 [   75.201057] [<00000000008d4fc8>] profile_replace+0xa8/0x100 [   75.274258] [<0000000000766bd0>] vfs_write+0x90/0x420 [   75.340594] [<00000000007670cc>] ksys_write+0x4c/0xe0 [   75.406932] [<0000000000767174>] sys_write+0x14/0x40 [   75.472126] [<0000000000406174>] linux_sparc_syscall+0x34/0x44 [   75.548802] ---[ end trace 0000000000000000 ]--- [   75.609503] dfa blob stream 0xfff0000008926b96 not aligned. [   75.682695] Kernel unaligned access at TPC[8db2a8] aa_dfa_unpack+0x6e8/0x720

Work around it by using the get_unaligned_xx() helpers.

AnalysisAI

Unaligned memory access in the Linux Kernel's AppArmor DFA table parser causes a denial of service on strict-alignment architectures. AppArmor's deterministic finite automaton (DFA) policy tables, which can originate from either kernel or userspace via apparmor_parser, lack guaranteed 8-byte alignment; on architectures that fault or warn on unaligned access (confirmed via SPARC call trace in the description), loading AppArmor profiles triggers a kernel WARNING at security/apparmor/match.c:316 and fails profile loading. No public exploit exists and no KEV listing is present; EPSS is 0.02% (5th percentile), consistent with a low-severity, architecture-specific, local-only issue.

Technical ContextAI

The Linux Kernel's AppArmor LSM (Linux Security Module) uses DFA tables to evaluate security policy. These binary blobs are provided by userspace tooling (apparmor_parser) written to the kernel via vfs_write, and are unpacked in aa_dfa_unpack() (security/apparmor/match.c). The root cause is that multi-byte table fields are read directly via typed pointer dereferences, which assumes aligned memory. On RISC architectures enforcing strict alignment - such as SPARC (confirmed by the kernel trace showing TPC[8db2a8] in aa_dfa_unpack) and potentially MIPS and older ARM variants - this triggers unaligned access hardware exceptions or kernel warnings. The CWE is not formally assigned, but this maps to improper handling of alignment assumptions (analogous to CWE-704/CWE-119 class issues). The fix replaces raw typed reads with get_unaligned_xx() helpers, which perform portable byte-by-byte reads regardless of alignment. CPE data identifies the affected product as cpe:2.3:a:linux:linux with a broad version range; EUVD data anchors the introduced commit to e6e8bf418850d7958311a96ccfb594f2bcc8313e, present since Linux 4.11.

RemediationAI

Upgrade to a patched Linux kernel stable release: 6.12.75, 6.18.14, 6.19.4, or 7.0, each of which applies the get_unaligned_xx() fix. The specific upstream commits are available at https://git.kernel.org/stable/c/ec737e7fdf2f0ba7b203d4ec72cc915978b10e7e (6.18.x), https://git.kernel.org/stable/c/23f112bd6144e815153462e12d313ac3e7027168 (6.12.x), https://git.kernel.org/stable/c/cded636008bde2b397a7cf63b8299d7c303aaf6a (6.19.x), and https://git.kernel.org/stable/c/64802f731214a51dfe3c6c27636b3ddafd003eb0 (7.0). For systems that cannot be patched immediately and run AppArmor on strict-alignment architectures, a compensating control is to disable AppArmor enforcement (set GRUB_CMDLINE_LINUX='apparmor=0') - however, this removes the entire MAC enforcement layer and should only be considered where AppArmor is not relied upon for security containment. There is no partial workaround that preserves AppArmor policy loading while avoiding the alignment issue.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-46254 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy