Skip to main content

Linux Kernel EUVDEUVD-2026-35429

| CVE-2026-46328 HIGH
2026-06-09 Linux GHSA-2v6r-qcvm-x943
7.3
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
vuln.today AI
7.3 HIGH

Local confined process (AV:L, PR:L) reliably mis-applies an AppArmor rlimit into kernel timer state (AC:L, S:C), causing high availability and limited integrity impact with no confidentiality loss.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L
SUSE
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 14, 2026 - 06:37 vuln.today
CVSS changed
Jun 14, 2026 - 06:22 NVD
7.3 (HIGH)
Patch available
Jun 09, 2026 - 15:01 EUVD
CVE Published
Jun 09, 2026 - 12:25 cve.org
HIGH 7.3
CVE Published
Jun 09, 2026 - 12:25 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix rlimit for posix cpu timers

Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so its clear when what code is setting the limit and conditionally update the posix cpu timers when appropriate.

AnalysisAI

Local privilege/availability impact in the Linux kernel AppArmor subsystem stems from incomplete rlimit handling for POSIX CPU timers, where setting an rlimit through AppArmor policy did not propagate to the POSIX CPU timer machinery. A local low-privileged user operating under an AppArmor-confined profile can leverage the inconsistent limit enforcement to disrupt CPU-time accounting and cause high-impact availability effects on the system. No public exploit identified at time of analysis, and EPSS rates likelihood of exploitation at only 0.02% (7th percentile).

Technical ContextAI

AppArmor is the Linux Mandatory Access Control LSM that, among other things, can apply rlimit values to confined processes. POSIX CPU timers (per-process CPU consumption timers exposed via timer_create/setitimer with CLOCK_PROCESS_CPUTIME_ID and friends) require an additional update step in the timer subsystem when RLIMIT_CPU changes - simply writing the rlimit struct is not sufficient. The AppArmor rlimit path skipped that conditional update, leaving the kernel's POSIX CPU timer state desynchronised from the active rlimit. The affected component is the AppArmor LSM in mainline Linux (CPE cpe:2.3:a:linux:linux), with no CWE assigned by NVD but the bug class is effectively improper synchronisation of security/resource state across kernel subsystems.

RemediationAI

Vendor-released patch: upgrade to one of the fixed stable kernels - 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, or mainline at or above the fix commit (6.19.4 line) - using the commit set published at git.kernel.org/stable/c/ (e.g. e1cc11550b2f, 2232d7cd2438, 28aa93fcfb33, 1f736dfe27c8, e43818b16815, 9bf1fa150775, 57d51d41b90e, 6ca56813f4a5). On distribution kernels, install the vendor security update that references CVE-2026-46328 and track the advisory via https://nvd.nist.gov/vuln/detail/CVE-2026-46328 and https://vuldb.com/vuln/369542. As an interim workaround on systems that cannot reboot quickly, avoid deploying AppArmor profiles that set RLIMIT_CPU on untrusted workloads, or move sensitive workloads off AppArmor-confined contexts that rely on CPU-time rlimits - the trade-off is loss of MAC-enforced CPU-time confinement until the kernel is patched; do not disable AppArmor system-wide as that removes a broad set of unrelated protections.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-35429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy