Skip to main content

Linux Kernel EUVDEUVD-2026-32314

| CVE-2026-45848 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-8jqg-g4wj-938g
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only trigger during socket teardown, standard user privileges required, kernel crash is availability-only with no confidentiality or integrity impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:11 vuln.today
CVSS changed
Jun 25, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:16 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix NULL sock in aa_sock_file_perm

Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in __unix_needs_revalidation shows this is at least possible for af_unix sockets. While the fix for af_unix sockets applies for newer mediation this is still the fall back path for older af_unix mediation and other sockets, so ensure it is covered.

AnalysisAI

NULL pointer dereference in the Linux kernel's AppArmor LSM function aa_sock_file_perm allows a local authenticated user to crash the kernel (oops) during socket setup or teardown. The flaw affects the fallback mediation path for AF_UNIX sockets and all other socket families when AppArmor is in enforcing mode, because neither sock nor sock->sk are validated for NULL before dereferencing. Impact is limited to availability (system crash); no confidentiality or integrity loss is possible. No public exploit is identified at time of analysis, and EPSS at 0.02% (7th percentile) indicates negligible exploitation probability.

Technical ContextAI

The vulnerability resides in AppArmor's Linux Security Module (LSM) hook aa_sock_file_perm(), called by the kernel to enforce MAC policy on socket file operations. During kernel socket lifecycle transitions - specifically the setup or teardown phases - the sock pointer and its embedded sk (sock_kernel) field can transiently be NULL. CWE-476 (NULL Pointer Dereference) identifies the root cause: the code dereferences these pointers without first validating non-NULL state. A prior fix for __unix_needs_revalidation proved this race is real for AF_UNIX sockets under newer mediation; this CVE closes the same gap in the older mediation fallback path, which also handles all non-AF_UNIX socket families. The fix was introduced as commit 56974a6fcfef69ee0825bd66ed13e92070ac5224 and backported across seven stable kernel branches. CPE: cpe:2.3:o:linux:linux_kernel:* across multiple stable series.

RemediationAI

Update the Linux kernel to a patched stable release: 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0, depending on the branch in use. Upstream commits are available at https://git.kernel.org/stable/c/00b67657535dfea56e84d11492f5c0f61d0af297, https://git.kernel.org/stable/c/68538ec34fcb4194c7961dc4eca6f5537fec8067, and the other stable refs listed in the NVD references. Distribution-specific kernel updates from Ubuntu, Debian, or openSUSE security channels will carry these backports. As a temporary compensating control where patching is not immediately feasible, setting AppArmor to complain mode (aa-complain) or disabling socket-level AppArmor profiles removes the vulnerable code path; however, this reduces MAC enforcement and should be treated as a short-term measure only, with documented risk acceptance.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-32314 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy